| | | | | | | | |
|
| | Log Name | Event Type | Category | Generated On | User | Source | Description
|
| | Application | Warning | None | 2021-10-17 11:23:14 | 1332 | Microsoft-Windows-User Profiles General | 1509: Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\WindowsApps\Backup\ to location \\?\C:\Users\defaultuser0\AppData\Local\Microsoft\WindowsApps\Backup\. This error may be caused by network problems or insufficient security rights. DETAIL - Access is denied.
|
| | Application | Warning | None | 2021-10-17 11:23:14 | 1332 | Microsoft-Windows-User Profiles General | 1509: Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ to location \\?\C:\Users\defaultuser0\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\. This error may be caused by network problems or insufficient security rights. DETAIL - Access is denied.
|
| | Application | Warning | 1 | 2021-10-17 11:23:14 | | ESENT | 642: Catalog Database (1256,D,35) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 11:23:14 | | ESENT | 642: Catalog Database (1256,D,35) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 11:23:14 | | ESENT | 642: Catalog Database (1256,D,40) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 11:23:14 | | ESENT | 642: Catalog Database (1256,D,35) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 11:23:14 | | ESENT | 642: Catalog Database (1256,D,35) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 11:23:14 | | ESENT | 642: Catalog Database (1256,D,40) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | None | 2021-10-17 11:23:15 | 1332 | Microsoft-Windows-User Profiles General | 1509: Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe to location \\?\C:\Users\defaultuser0\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe. This error may be caused by network problems or insufficient security rights. DETAIL - Access is denied.
|
| | Application | Warning | None | 2021-10-17 11:23:15 | 1332 | Microsoft-Windows-User Profiles General | 1509: Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\WindowsApps\Backup to location \\?\C:\Users\defaultuser0\AppData\Local\Microsoft\WindowsApps\Backup. This error may be caused by network problems or insufficient security rights. DETAIL - Access is denied.
|
| | Application | Warning | None | 2021-10-17 11:23:16 | SYSTEM | Microsoft-Windows-User Profiles Service | 1534: Profile notification of event Delete for component {F20133FB-D436-4A11-9EE0-1710AC9E558B} failed, error code is See Tracelogging for error details.
|
| | Application | Warning | 1 | 2021-10-17 11:23:17 | | Windows Search Service | 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
|
| | Application | Warning | 1 | 2021-10-17 11:23:17 | | ESENT | 642: SearchIndexer (4560,D,35) Windows: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 11:23:17 | | ESENT | 642: SearchIndexer (4560,D,35) Windows: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 11:23:24 | | ESENT | 642: wuaueng.dll (5428,D,35) SUS20ClientDataStore: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 11:23:24 | | ESENT | 642: wuaueng.dll (5428,D,35) SUS20ClientDataStore: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Error | 3 | 2021-10-17 11:23:42 | | ESENT | 494: DllHost (6328,U,98) WebCacheLocal: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
|
| | Application | Error | 3 | 2021-10-17 11:23:42 | | ESENT | 454: DllHost (6328,U,98) WebCacheLocal: Database recovery/restore failed with unexpected error -1216.
|
| | Application | Warning | 1 | 2021-10-17 11:23:42 | | ESENT | 642: DllHost (6328,D,35) WebCacheLocal: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 11:23:42 | | ESENT | 642: DllHost (6328,D,35) WebCacheLocal: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 11:23:43 | | ESENT | 642: DllHost (7516,D,35) WebPlatStorage: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 11:23:43 | | ESENT | 642: DllHost (7516,D,35) WebPlatStorage: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Error | None | 2021-10-17 18:24:50 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x80070057 Command-line arguments: RuleId=379cccfb-d4e0-48fe-b0f2-0136097be147;Action=CleanupState;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;Trigger=TimerEvent
|
| | Application | Warning | 1 | 2021-10-17 18:25:25 | | ESENT | 642: Catalog Database (3372,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 18:25:25 | | ESENT | 642: Catalog Database (3372,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 18:25:46 | | Windows Search Service | 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Version Upgrade}.
|
| | Application | Warning | 1 | 2021-10-17 18:25:46 | | ESENT | 642: SearchIndexer (7008,D,35) Windows: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:25:46 | | ESENT | 642: SearchIndexer (7008,D,35) Windows: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | None | 2021-10-17 18:28:15 | duthien-asus | Microsoft-Windows-User Profiles General | 1509: Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\WindowsApps\Backup\ to location \\?\C:\Users\duthien-asus\AppData\Local\Microsoft\WindowsApps\Backup\. This error may be caused by network problems or insufficient security rights. DETAIL - Access is denied.
|
| | Application | Warning | None | 2021-10-17 18:28:15 | duthien-asus | Microsoft-Windows-User Profiles General | 1509: Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ to location \\?\C:\Users\duthien-asus\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\. This error may be caused by network problems or insufficient security rights. DETAIL - Access is denied.
|
| | Application | Warning | None | 2021-10-17 18:28:15 | duthien-asus | Microsoft-Windows-User Profiles General | 1509: Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe to location \\?\C:\Users\duthien-asus\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe. This error may be caused by network problems or insufficient security rights. DETAIL - Access is denied.
|
| | Application | Warning | None | 2021-10-17 18:28:15 | duthien-asus | Microsoft-Windows-User Profiles General | 1509: Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\WindowsApps\Backup to location \\?\C:\Users\duthien-asus\AppData\Local\Microsoft\WindowsApps\Backup. This error may be caused by network problems or insufficient security rights. DETAIL - Access is denied.
|
| | Application | Error | 3 | 2021-10-17 18:28:30 | | ESENT | 494: DllHost (6880,U,98) WebCacheLocal: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
|
| | Application | Error | 3 | 2021-10-17 18:28:30 | | ESENT | 454: DllHost (6880,U,98) WebCacheLocal: Database recovery/restore failed with unexpected error -1216.
|
| | Application | Warning | 1 | 2021-10-17 18:28:30 | | ESENT | 642: DllHost (6880,D,35) WebCacheLocal: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:28:30 | | ESENT | 642: DllHost (6880,D,35) WebCacheLocal: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:30:02 | | ESENT | 642: Catalog Database (3372,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 18:30:02 | | ESENT | 642: Catalog Database (3372,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 18:30:02 | | ESENT | 642: Catalog Database (3372,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 18:30:02 | | ESENT | 642: Catalog Database (3372,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 18:30:03 | | ESENT | 642: Catalog Database (3372,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2021-10-17 18:30:12 | | ESENT | 642: DllHost (7612,D,35) WebPlatStorage: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:30:12 | | ESENT | 642: DllHost (7612,D,35) WebPlatStorage: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:30:12 | | ESENT | 642: DllHost (7612,D,35) Microsoft.Windows.Search_cw5n1h2txyewy_NOEDP_LEGACY_IDB: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:30:12 | | ESENT | 642: DllHost (7612,D,35) Microsoft.Windows.Search_cw5n1h2txyewy_NOEDP_LEGACY_IDB: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:30:28 | | ESENT | 642: DllHost (7612,D,35) WebPlatStorage: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:30:28 | | ESENT | 642: DllHost (7612,D,35) WebPlatStorage: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:31:33 | | ESENT | 642: SettingSyncHost (11944,D,35) {3468A4AF-BAE0-4B1C-9559-F2B2043FF706}: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:31:33 | | ESENT | 642: SettingSyncHost (11944,D,35) {3468A4AF-BAE0-4B1C-9559-F2B2043FF706}: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:31:34 | | ESENT | 642: SettingSyncHost (11944,D,35) {47F01D01-A611-4EC2-A529-E1CE96417C99}: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:31:34 | | ESENT | 642: SettingSyncHost (11944,D,35) {47F01D01-A611-4EC2-A529-E1CE96417C99}: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Error | None | 2021-10-17 18:31:35 | duthien-asus | Microsoft-Windows-AppModel-State | 10: The environment is incorrect.
|
| | Application | Warning | 1 | 2021-10-17 18:36:51 | | ESENT | 642: DllHost (12764,D,35) WebCacheLocal: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2021-10-17 18:36:51 | | ESENT | 642: DllHost (12764,D,35) WebCacheLocal: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Error | None | 2021-10-17 18:47:38 | | VSS | 13: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] ?
|
| | Application | Warning | None | 2021-10-17 18:48:17 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2021-10-17 18:48:17 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2021-10-17 18:48:17 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2021-10-17 18:48:17 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2021-10-17 18:48:17 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2021-10-17 18:48:17 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Error | None | 2021-10-17 19:00:09 | duthien-asus | Microsoft-Windows-AppModel-State | 11: An attempt was made to load a program with an incorrect format.
|
| | Application | Warning | None | 2021-10-17 19:42:36 | | Steam Client Service | 2: Warning: Updated file "SteamService.exe" from version 0x0006002300130025 to version 0x00060052004c0029.
|
| | Application | Warning | None | 2021-10-17 19:42:36 | | Steam Client Service | 2: Warning: Updated file "secure_desktop_capture.exe" from version 0x0000000000000000 to version 0x00060052004c0029.
|
| | Application | Warning | None | 2021-10-17 19:42:36 | | Steam Client Service | 2: Warning: Updated file "steamxboxutil64.exe" from version 0x0000000000000000 to version 0x00060052004c0029.
|
| | Application | Warning | None | 2021-10-17 19:42:36 | | Steam Client Service | 2: Warning: Updated file "drivers.exe" from version 0x0000000000000000 to version 0x0006004c00500034.
|
| | Application | Warning | None | 2021-10-17 19:42:36 | | Steam Client Service | 2: Warning: Updated file "SteamService.dll" from version 0x0000000000000000 to version 0x00060052004c0029.
|
| | Application | Error | 100 | 2021-10-17 22:44:09 | | Application Error | 1000: Faulting application name: BH.EXE, version: 0.0.0.0, time stamp: 0x39170f21 Faulting module name: igdumdim32.dll, version: 27.20.100.8190, time stamp: 0x5eb1b14d Exception code: 0xc0000005 Fault offset: 0x00015ac5 Faulting process id: 0x1f74 Faulting application start time: 0x01d7c36dd326aebc Faulting application path: E:\GAME\Beach Head 2000\BH.EXE Faulting module path: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_86143bc19510b01f\igdumdim32.dll Report Id: 6f67877c-fd3e-4500-b990-252aa4183157 Faulting package full name: ? Faulting package-relative application ID: ?
|
| | Application | Error | None | 2021-10-19 22:53:11 | | VSS | 13: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] ?
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpclean.resources_31bf3856ad364e35_10.0.19041.1_en-us_a943398c77854b81\pnpclean.dll.mui Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..nager-rll.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5ce5935f2ccce28\odbcint.dll.mui Handle ID: 0x10ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_en-us_4a1b5785f361c947\pnppolicy.dll.mui Handle ID: 0x90c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7eed11ea07bd4d1c\pnpui.dll.mui Handle ID: 0x1078 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..cingstack.resources_31bf3856ad364e35_10.0.19041.1_en-us_42aac8453420acd4\poqexec.exe.mui Handle ID: 0xc70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_735d057c560c5710\polstore.dll.mui Handle ID: 0x12a4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_422d1efffd701255\ping.exe.mui Handle ID: 0x176c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_10.0.19041.1_en-us_28eefee5555bc47c\ntprint.dll.mui Handle ID: 0xb60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\print.exe.mui Handle ID: 0x1618 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenvext.resources_31bf3856ad364e35_10.0.19041.1_en-us_96660d061e45297b\profext.dll.mui Handle ID: 0x1528 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..npeplugin.resources_31bf3856ad364e35_10.0.19041.1_en-us_fba6acc62f22d2b3\PnPUnattend.exe.mui Handle ID: 0x10e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..minkernel.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f7e552c79c688a7\prflbmsg.dll.mui Handle ID: 0x1124 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pshed.resources_31bf3856ad364e35_10.0.19041.1_en-us_498552201881e70c\pshed.dll.mui Handle ID: 0x11c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7d22aa39e59cfe75\rasautou.exe.mui Handle ID: 0x60c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7d22aa39e59cfe75\rasauto.dll.mui Handle ID: 0x12d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..-base-vpn.resources_31bf3856ad364e35_10.0.19041.1_en-us_1798d6af18f46a77\rasapi32.dll.mui Handle ID: 0xff8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnputil.resources_31bf3856ad364e35_10.0.19041.1_en-us_929eb5cc557f5194\pnputil.exe.mui Handle ID: 0xb90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..p-raschap.resources_31bf3856ad364e35_10.0.19041.1_en-us_c78e49d648eafe5c\raschap.dll.mui Handle ID: 0x1af0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_10.0.19041.1_en-us_761f89bd7d6d7bf2\rasctrs.dll.mui Handle ID: 0xa48 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-raschap.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4aa96fdb56002b4\raschapext.dll.mui Handle ID: 0xd10 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_14089ec954fee325\rasdiag.dll.mui Handle ID: 0xd14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..rvice-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_d4a7415c510717a5\rasmans.dll.mui Handle ID: 0x1538 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..tymanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ea63625f109f122\rasmbmgr.dll.mui Handle ID: 0xc5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-profsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_1cad2165a3d16b35\profsvc.dll.mui Handle ID: 0x17d8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_9937e4f2c0954fcd\netmsg.dll.mui Handle ID: 0xda0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4333b5ebd7b1668\rdrleakdiag.exe.mui Handle ID: 0xf4c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_10.0.19041.1_en-us_ec5f97876b2bef00\powercfg.exe.mui Handle ID: 0x1310 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recover.resources_31bf3856ad364e35_10.0.19041.1_en-us_19341bd8495fd344\recover.exe.mui Handle ID: 0x1848 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..anagement.resources_31bf3856ad364e35_10.0.19041.1_en-us_bb340319c9c94b55\powrprof.dll.mui Handle ID: 0x160c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\replace.exe.mui Handle ID: 0x162c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-regsvr32.resources_31bf3856ad364e35_10.0.19041.1_en-us_cf36865100575d06\regsvr32.exe.mui Handle ID: 0x1820 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..lientcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_95c525353ceeef67\resutils.dll.mui Handle ID: 0x142c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rastls.resources_31bf3856ad364e35_10.0.19041.1_en-us_652b6f63c7d7c5dd\rastlsext.dll.mui Handle ID: 0x1780 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..ap-rastls.resources_31bf3856ad364e35_10.0.19041.1_en-us_2a444baded9aa897\rastls.dll.mui Handle ID: 0x1188 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-propsys.resources_31bf3856ad364e35_7.0.19041.1_en-us_4a8890ed170f3fda\propsys.dll.mui Handle ID: 0x175c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\netiohlp.dll.mui Handle ID: 0xd74 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasrtutils.resources_31bf3856ad364e35_10.0.19041.1_en-us_9326bb2bb2334a5b\rtutils.dll.mui Handle ID: 0x106c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..intmapper.resources_31bf3856ad364e35_10.0.19041.1_en-us_a089d76598edf0e6\RpcEpMap.dll.mui Handle ID: 0x12c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\route.exe.mui Handle ID: 0x1ad8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..ne-editor.resources_31bf3856ad364e35_10.0.19041.1_en-us_698daebf9eb1b4d5\reg.exe.mui Handle ID: 0x1334 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_10.0.19041.1_en-us_02bc904438c2428c\rundll32.exe.mui Handle ID: 0xa88 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..to-rsaenh.resources_31bf3856ad364e35_10.0.19041.1_en-us_16a62acbc62312bf\rsaenh.dll.mui Handle ID: 0x928 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_7897f64125c10402\sacsess.exe.mui Handle ID: 0xbc0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..i-printui.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a72d2107dc73c0a\printui.dll.mui Handle ID: 0xba8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_7897f64125c10402\sacsvr.dll.mui Handle ID: 0x1040 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-robocopy.resources_31bf3856ad364e35_10.0.19041.1_en-us_6abbcc8b8fcc07e3\Robocopy.exe.mui Handle ID: 0x1a70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sechost.resources_31bf3856ad364e35_10.0.19041.1_en-us_93136f66ce7ffac1\sechost.dll.mui Handle ID: 0x1594 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-schannel.resources_31bf3856ad364e35_10.0.19041.1_en-us_9d11d42ad8409f53\schannel.dll.mui Handle ID: 0x14f8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refsutil.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa8d7acfdd7882d6\refsutil.exe.mui Handle ID: 0x1384 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-local.resources_31bf3856ad364e35_10.0.19041.1_en-us_51acac215ce8b77d\rpcrt4.dll.mui Handle ID: 0xc78 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_87cbe14d4de4bd62\SHCore.dll.mui Handle ID: 0x1494 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_09c08624c36693a8\shlwapi.dll.mui Handle ID: 0x95c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ty-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc7274f372ed8e13\sfc.exe.mui Handle ID: 0x12ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shutdownux.resources_31bf3856ad364e35_10.0.19041.1_en-us_36aacb7f6bff451d\ShutdownUX.dll.mui Handle ID: 0x1844 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_10.0.19041.1_en-us_1fee549ac552b43c\services.exe.mui Handle ID: 0xa60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rver-apis.resources_31bf3856ad364e35_10.0.19041.1_en-us_1540b052425beb5b\smbwmiv2.dll.mui Handle ID: 0x13ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smss.resources_31bf3856ad364e35_10.0.19041.1_en-us_9a5b45e6fe928308\smss.exe.mui Handle ID: 0x12d8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\smphost.dll.mui Handle ID: 0xdc0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_10.0.19041.1_en-us_870ec821d56378ca\sppnp.dll.mui Handle ID: 0x1308 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver.resources_31bf3856ad364e35_10.0.19041.1_en-us_36f866b8332aaeff\srvsvc.dll.mui Handle ID: 0xdb8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver.resources_31bf3856ad364e35_10.0.19041.1_en-us_36f866b8332aaeff\sscore.dll.mui Handle ID: 0x12e4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ineclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_02abb9877c778368\scecli.dll.mui Handle ID: 0x1378 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setupapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2051dad616bfbe07\setupapi.dll.mui Handle ID: 0x9a0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\subst.exe.mui Handle ID: 0x970 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_10.0.19041.1_en-us_0739fe5d46d729eb\svchost.exe.mui Handle ID: 0x978 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..vices-sam.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca714bf2ded4fd68\samsrv.dll.mui Handle ID: 0x12e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-svsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_68b9867325ec3faf\svsvc.dll.mui Handle ID: 0xda8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..mprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_155d8a8d329175f4\swprv.dll.mui Handle ID: 0x10f8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ionengine.resources_31bf3856ad364e35_10.0.19041.1_en-us_9f39397eb9eb1ed9\scesrv.dll.mui Handle ID: 0xd90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasdlg.resources_31bf3856ad364e35_10.0.19041.1_en-us_6bff3fa1e7605439\rasdlg.dll.mui Handle ID: 0xdac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysclass.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfea6091084df19f\sysclass.dll.mui Handle ID: 0xd30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tapi2xclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_9eff89d194dc48d3\tapi32.dll.mui Handle ID: 0x1758 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ntsbroker.resources_31bf3856ad364e35_10.0.19041.1_en-us_cd5e1703fb559393\SystemEventsBrokerServer.dll.mui Handle ID: 0x1150 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c23b7b252bca10\sxstrace.exe.mui Handle ID: 0x11ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storprop.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e93e1af9be76663\Storprop.dll.mui Handle ID: 0xa2c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..e-rassstp.resources_31bf3856ad364e35_10.0.19041.1_en-us_9ed054c8f82d3c7c\sstpsvc.dll.mui Handle ID: 0x14c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c23b7b252bca10\sxs.dll.mui Handle ID: 0x514 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-timebroker.resources_31bf3856ad364e35_10.0.19041.1_en-us_d0696e9a20fe5354\TimeBrokerServer.dll.mui Handle ID: 0x100c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef3b2554816b1504\sppc.dll.mui Handle ID: 0x1600 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_en-us_c10bc33ae3f4a3aa\TrustedSignalCredProv.dll.mui Handle ID: 0x898 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_422d1efffd701255\tracert.exe.mui Handle ID: 0xbd8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-takeown.resources_31bf3856ad364e35_10.0.19041.1_en-us_6c295aa8904b0eb1\takeown.exe.mui Handle ID: 0x1094 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2a853e22d141a77\TtlsAuth.dll.mui Handle ID: 0x1268 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef3b2554816b1504\slc.dll.mui Handle ID: 0x126c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2a853e22d141a77\TtlsCfg.dll.mui Handle ID: 0x1270 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..x-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_4a5d75c34ba6f636\TSSessionUX.dll.mui Handle ID: 0xa38 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_823386dc6c818518\tcpipcfg.dll.mui Handle ID: 0x17e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasmontr.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5d2edf4eb729cbc\rasmontr.dll.mui Handle ID: 0x1260 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l..skmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_a52a78f85b7ec197\taskmgr.exe.mui Handle ID: 0xbc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..atahelper.resources_31bf3856ad364e35_10.0.19041.1_en-us_eb00c854b52e87c6\tdh.dll.mui Handle ID: 0x15f4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..erservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_a6b88435313203cc\umpo.dll.mui Handle ID: 0x111c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f2bb353038d1523\unlodctr.exe.mui Handle ID: 0x15f8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenv.resources_31bf3856ad364e35_10.0.19041.1_en-us_79e35164c2cf79d2\userenv.dll.mui Handle ID: 0x1108 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_10.0.19041.1_en-us_45e1b3af71b01941\userinit.exe.mui Handle ID: 0x15fc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinitext.resources_31bf3856ad364e35_10.0.19041.1_en-us_94f4ba71a45d6fd4\userinitext.dll.mui Handle ID: 0x18e4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-system-user-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_22e0c92c7b30cdfd\usermgr.dll.mui Handle ID: 0xbe0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-umpnpmgr.resources_31bf3856ad364e35_10.0.19041.1_en-us_1bd351c127f6d03f\umpnpmgr.dll.mui Handle ID: 0xbe4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_c072fc43c852c692\UIAutomationCore.dll.mui Handle ID: 0x198c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_7bc14662e1d6e4fc\utcutil.dll.mui Handle ID: 0xfbc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_10.0.19041.1_en-us_f6d3d801594c601f\utildll.dll.mui Handle ID: 0xd84 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_cbfdd178d867fd99\vdsbas.dll.mui Handle ID: 0xde4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-uxtheme.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc110ce9e60367ee\uxtheme.dll.mui Handle ID: 0x1300 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_5801e9f68bdc3d85\vds.exe.mui Handle ID: 0x1560 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3ef054dca7ac088\user32.dll.mui Handle ID: 0x1a20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..kprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_e72971a2c1f6c25b\vdsvd.dll.mui Handle ID: 0x1228 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_da49ed797c177968\vdsdyn.dll.mui Handle ID: 0x998 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..timezones.resources_31bf3856ad364e35_10.0.19041.1_en-us_39665f8e21240c1b\tzres.dll.mui Handle ID: 0xc94 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.0.19041.1_en-us_586539fbebb0cc9c\urlmon.dll.mui Handle ID: 0xce8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..component.resources_31bf3856ad364e35_10.0.19041.1_en-us_f5f9b416a9f26530\Websocket.dll.mui Handle ID: 0x830 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssapi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3b5e59f30ca6174\vsstrace.dll.mui Handle ID: 0x1638 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-d..ier-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_830af9ea9aba3650\verifier.exe.mui Handle ID: 0x1710 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webio.resources_31bf3856ad364e35_10.0.19041.1_en-us_b56aa669d807b6f4\webio.dll.mui Handle ID: 0xddc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c7d6d4ece1acf99\WerFaultSecure.exe.mui Handle ID: 0xa04 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9049899d62a0e4d\wer.dll.mui Handle ID: 0x12f4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog-api.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9c7ae36f6e0f219\wevtapi.dll.mui Handle ID: 0xe2c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..k-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_38e91adb05b98d4f\wersvc.dll.mui Handle ID: 0x15f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..rverifier.resources_31bf3856ad364e35_10.0.19041.1_en-us_21ae65cdb04194d8\verifiergui.exe.mui Handle ID: 0x18c8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c7d6d4ece1acf99\WerFault.exe.mui Handle ID: 0x990 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-time-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_08f6da56337b289b\w32time.dll.mui Handle ID: 0x14b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_53f7dd16602c8a90\wevtsvc.dll.mui Handle ID: 0x954 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..er-common.resources_31bf3856ad364e35_10.0.19041.1_en-us_fbb670ada24a4e33\Windows.FileExplorer.Common.dll.mui Handle ID: 0x141c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_5801e9f68bdc3d85\vdsutil.dll.mui Handle ID: 0x1028 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wincredui.resources_31bf3856ad364e35_10.0.19041.1_en-us_61e25015a031831a\wincredui.dll.mui Handle ID: 0x820 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_cf48a18a5fdfb544\wimgapi.dll.mui Handle ID: 0x1344 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ontroller.resources_31bf3856ad364e35_10.0.19041.1_en-us_e1322100908d69a1\Windows.UI.CredDialogController.dll.mui Handle ID: 0xfb0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winbio.resources_31bf3856ad364e35_10.0.19041.1_en-us_51cbd1658a9e8304\winbio.dll.mui Handle ID: 0xb68 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb569e49a9e4cc22\wininit.exe.mui Handle ID: 0x17a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32kbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_d6afa8b21943e171\win32kbase.sys.mui Handle ID: 0x17ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_10.0.19041.1_en-us_ea8a56fd969c14c6\wevtutil.exe.mui Handle ID: 0x16e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..core-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_201c821693305023\winmmbase.dll.mui Handle ID: 0x16d8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.19041.1_en-us_65e4d1beb3d1f96f\winhttp.dll.mui Handle ID: 0x16d4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..mentation.resources_31bf3856ad364e35_11.0.19041.1_en-us_0233336163e096a7\wininet.dll.mui Handle ID: 0x11f8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_dbfd617ca96275f5\winpeshl.exe.mui Handle ID: 0xfdc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..temclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_882f8b99a2f630ef\WinSCard.dll.mui Handle ID: 0x1548 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_10.0.19041.1_en-us_63ce793a38227711\winsockhc.dll.mui Handle ID: 0x1524 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntdll.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e85c098fb7f7a14\ntdll.dll.mui Handle ID: 0xe94 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_6e70c9a2dd0624b1\wintypes.dll.mui Handle ID: 0x16ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanutil.resources_31bf3856ad364e35_10.0.19041.1_en-us_19ec72bf503086d4\wlanutil.dll.mui Handle ID: 0xf44 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3ba4d44a3c97f27\winsrv.dll.mui Handle ID: 0x14a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_10.0.19041.1_en-us_80e99f0ea373f8b5\winlogon.exe.mui Handle ID: 0xa20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..t-storage.resources_31bf3856ad364e35_10.0.19041.1_en-us_6910ea60b47c64f0\windows.storage.dll.mui Handle ID: 0x840 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ldap-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_915cf6e0c6649f87\wldap32.dll.mui Handle ID: 0x904 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..winmmbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_86ddc39268efcf81\winmm.dll.mui Handle ID: 0x1864 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_193efb2cb0113a35\wmiprop.dll.mui Handle ID: 0x10a0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wldp.resources_31bf3856ad364e35_10.0.19041.1_en-us_e1df6e92b40dd5f7\wldp.dll.mui Handle ID: 0x10d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ngsclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_b45a35e2ca3bc553\wosc.dll.mui Handle ID: 0x1b54 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..onservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_4d9899a205ad9bf0\wkssvc.dll.mui Handle ID: 0x165c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_191f132b3e6a20ca\wship6.dll.mui Handle ID: 0x1a68 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_191f132b3e6a20ca\wshtcpip.dll.mui Handle ID: 0x1394 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_dbfd617ca96275f5\wpeutil.dll.mui Handle ID: 0x15a0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_10.0.19041.1_en-us_63ce793a38227711\wshelper.dll.mui Handle ID: 0xe84 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ck-legacy.resources_31bf3856ad364e35_10.0.19041.1_en-us_01acc92f39697d8a\wsock32.dll.mui Handle ID: 0x12a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ure-ws232.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4008a5924567538\ws2_32.dll.mui Handle ID: 0xc30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..er-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_7a8494abb092d578\winspool.drv.mui Handle ID: 0x8b4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ocale-nls.resources_31bf3856ad364e35_10.0.19041.1_en-us_92f5de385d9dc263\winnlsres.dll.mui Handle ID: 0x14ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4a82d26159d7480\webservices.dll.mui Handle ID: 0xed8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_10.0.19041.1_en-us_0f9ad41d78392a6f\shell32.dll.mui Handle ID: 0x1768 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..libraries.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9d5d1b37e0ee7d0\ulib.dll.mui Handle ID: 0x1070 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c23b7b252bca10\SxsMigPlugin.dll.mui Handle ID: 0x143c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernel32.resources_31bf3856ad364e35_10.0.19041.1_en-us_f30bd101c4a20012\kernel32.dll.mui Handle ID: 0xb88 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_2e0dc83355e5b510\KernelBase.dll.mui Handle ID: 0x14cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\mispace_uninstall.mfl Handle ID: 0x1294 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\mispace.mfl Handle ID: 0x155c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi_passthru_uninstall.mfl Handle ID: 0xd78 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\ncprov.mfl Handle ID: 0xe14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rver-apis.resources_31bf3856ad364e35_10.0.19041.1_en-us_1540b052425beb5b\smbwmiv2.mfl Handle ID: 0xe5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\ScrCons.mfl Handle ID: 0xf70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\subscrpt.mfl Handle ID: 0x808 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\smtpcons.mfl Handle ID: 0x1a74 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\wmi.mfl Handle ID: 0xf28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\secrcw32.mfl Handle ID: 0x1a78 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\WbemCons.mfl Handle ID: 0x9d8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\interop.mfl Handle ID: 0x1a7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\wmipcima.mfl Handle ID: 0x1044 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\system.mfl Handle ID: 0x1064 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..owershell.resources_31bf3856ad364e35_10.0.19041.1_en-us_84bc5f488e890c95\SmbLocalization.psd1 Handle ID: 0x1074 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\cimwin32.mfl Handle ID: 0xc14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_0f8924c0debe64e4.cdf-ms Handle ID: 0x177c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_en-us_da440b72296cc45e.cdf-ms Handle ID: 0xd64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_resources_en-us_3393f588464e4d11.cdf-ms Handle ID: 0x1458 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms Handle ID: 0x19b4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms Handle ID: 0xf14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_help_mui_0409_c7942094fabea651.cdf-ms Handle ID: 0x1988 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_en-us_0ef70046e1d1b811.cdf-ms Handle ID: 0x1964 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Handle ID: 0x149c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_lsm_0409_b44cb59d03cf68aa.cdf-ms Handle ID: 0xf48 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_lsm_b45be09c559d6e1d.cdf-ms Handle ID: 0x1ae8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_remoteaccess_0409_86bc979ae65d5e96.cdf-ms Handle ID: 0x1ae4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_remoteaccess_110554180baafc8b.cdf-ms Handle ID: 0x1380 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms Handle ID: 0x7bc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms Handle ID: 0x181c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms Handle ID: 0x161c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_themes_aero_en-us_ab16867f204414fa.cdf-ms Handle ID: 0x1624 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_0409_06652563df2ff0c1.cdf-ms Handle ID: 0xd8c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms Handle ID: 0xe3c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_boot_en-us_bd4746182a790f00.cdf-ms Handle ID: 0x97c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_dd4fddd4aaa5e8ac.cdf-ms Handle ID: 0xdc4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_en-us_30b82d6497b06504.cdf-ms Handle ID: 0x1428 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_dism_en-us_064f3ab06d0848d3.cdf-ms Handle ID: 0x1520 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms Handle ID: 0x1aec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_en-us_b8ba9f5b7f1c3933.cdf-ms Handle ID: 0xa78 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_migration_en-us_815d10948a0810a2.cdf-ms Handle ID: 0x1994 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_mui_0409_ecc96e0e9498d62e.cdf-ms Handle ID: 0x1998 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_oobe_en-us_e44fe14df02b3595.cdf-ms Handle ID: 0x11fc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_setup_5d3758a05cf4a445.cdf-ms Handle ID: 0x1634 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_setup_en-us_afa35959583f5dbd.cdf-ms Handle ID: 0xbb0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sysprep_en-us_ed807a30a752749a.cdf-ms Handle ID: 0x17f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_en-us_afb84194eaac32a1.cdf-ms Handle ID: 0x15e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_b160c489ca4b107d.cdf-ms Handle ID: 0x19d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_dism_en-us_c5f337028c1b1b59.cdf-ms Handle ID: 0x13b8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_dism_1bf2381fbb30eb13.cdf-ms Handle ID: 0x1444 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_triedit_en-us_59ae2daa07429081.cdf-ms Handle ID: 0x1a2c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_system_ado_en-us_9c12689ac1360dc2.cdf-ms Handle ID: 0xb20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_system_msadc_en-us_58bb034fa66b57cc.cdf-ms Handle ID: 0xf38 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_system_ole_db_en-us_5ff73071fce05070.cdf-ms Handle ID: 0x1978 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nputpanel-languages_31bf3856ad364e35_10.0.19041.1_none_755485689bff7973\tipresx.dll Handle ID: 0x1078 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_10.0.19041.1_en-us_b30606e73c3e9798\TabTip.exe.mui Handle ID: 0x90c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..tkeyboard.resources_31bf3856ad364e35_10.0.19041.1_en-us_9e1a6f1ae580eb2b\tabskb.dll.mui Handle ID: 0x17a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\auxpad.xml Handle ID: 0x1078 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\insert.xml Handle ID: 0xf7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_c7530040e79a9aee\TipTsf.dll.mui Handle ID: 0xf54 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\keypad.xml Handle ID: 0x1178 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskclearui.xml Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskmenu.xml Handle ID: 0x10ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknav.xml Handle ID: 0x12b4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknumpad.xml Handle ID: 0x10c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_en-us_68ce1881981b1956\tipresx.dll.mui Handle ID: 0xe6c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskpred.xml Handle ID: 0x1a30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\symbols.xml Handle ID: 0x17c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\auxbase.xml Handle ID: 0xbac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\keypadbase.xml Handle ID: 0xfa4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\insertbase.xml Handle ID: 0x11b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ea.xml Handle ID: 0x1008 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\kor-kor.xml Handle ID: 0x12b4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\baseAltGr_rtl.xml Handle ID: 0x10ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base.xml Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_heb.xml Handle ID: 0x1178 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_altgr.xml Handle ID: 0x1a30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_jpn.xml Handle ID: 0xe6c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_kor.xml Handle ID: 0x10c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_ca.xml Handle ID: 0x1650 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_rtl.xml Handle ID: 0xef4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_10.0.19041.1_en-us_b30606e73c3e9798\TipRes.dll.mui Handle ID: 0x1210 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskclearuibase.xml Handle ID: 0x10ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskmenubase.xml Handle ID: 0x16e4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknavbase.xml Handle ID: 0xbb8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknumpadbase.xml Handle ID: 0x1b64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskpredbase.xml Handle ID: 0x99c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ea-sym.xml Handle ID: 0xcc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\zh-changjei.xml Handle ID: 0xd20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ja-jp-sym.xml Handle ID: 0xd5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\zh-dayi.xml Handle ID: 0x159c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\main.xml Handle ID: 0xd34 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\zh-phonetic.xml Handle ID: 0x1804 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ko-kr.xml Handle ID: 0xffc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ja-jp.xml Handle ID: 0xe44 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\symbase.xml Handle ID: 0x19f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_3657e07d684f0581\RecEnv.exe.mui Handle ID: 0x11d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_3657e07d684f0581\StartRep.exe.mui Handle ID: 0xd38 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.1_none_7e470436241a018f\hh.exe Handle ID: 0x19c8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_10.0.19041.1_none_8b38a4d923e0a37e\BCD Handle ID: 0x14d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-dvd-pcat_31bf3856ad364e35_10.0.19041.1_none_5008dee6cfdc303c\BCD Handle ID: 0xb2c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..d-bootfix.resources_31bf3856ad364e35_10.0.19041.1_en-us_4ff5f1d54e8346ca\bootfix.bin Handle ID: 0x1408 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..onment-dvd-etfsboot_31bf3856ad364e35_10.0.19041.1_none_dc4e5ab15169832e\etfsboot.com Handle ID: 0xbb8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_c780234a16dfd399\TabTip.exe Handle ID: 0x1210 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.19041.1_none_7feeab380f6fb6aa\RecEnv.exe Handle ID: 0xef4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_10.0.19041.1_none_d29e3857b870499d\tiptsf.dll Handle ID: 0x1650 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_c780234a16dfd399\TipRes.dll Handle ID: 0x10c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.19041.1_none_7feeab380f6fb6aa\StartRep.exe Handle ID: 0xe6c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_c780234a16dfd399\tipskins.dll Handle ID: 0x1a30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-dvd-pcat_31bf3856ad364e35_10.0.19041.1_none_5008dee6cfdc303c\boot.sdi Handle ID: 0x1178 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_10.0.19041.1_none_8b38a4d923e0a37e\boot.sdi Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_10.0.19041.1_en-us_6b3f542b20656524\hh.exe.mui Handle ID: 0x10ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_10.0.19041.1_none_1891f4ff823a4461\efisys_noprompt.bin Handle ID: 0x12b4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_10.0.19041.1_none_1891f4ff823a4461\efisys.bin Handle ID: 0x1008 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b018d9a63164212\sapisvr.exe.mui Handle ID: 0xfa4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-speechcommonnoia64_31bf3856ad364e35_10.0.19041.1_none_b89a948362edb3e7\sapisvr.exe Handle ID: 0xb60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\M1033ZIR.INI Handle ID: 0x108c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\M1033ZIR.Keyboard.NUS Handle ID: 0x18e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8591bd54bdb2be6f\AtBroker.exe Handle ID: 0x18ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\audioresourceregistrar.dll Handle ID: 0x15ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmcss_31bf3856ad364e35_10.0.19041.1_none_0d89446c82e7b332\avrt.dll Handle ID: 0x1938 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-engine-proxy-main_31bf3856ad364e35_10.0.19041.1_none_5a93d463d29ea477\blbres.dll Handle ID: 0xff8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_10.0.19041.1_none_f1a66ceadc1ac5a7\bdeui.dll Handle ID: 0xd10 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_10.0.19041.1_none_87e54edbaf62ca00\bderepair.dll Handle ID: 0xa48 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ondata-wmi-provider_31bf3856ad364e35_10.0.19041.1_none_6658ea421c6ab115\bcdprov.dll Handle ID: 0x9e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-engine-proxy-main_31bf3856ad364e35_10.0.19041.1_none_5a93d463d29ea477\blb_ps.dll Handle ID: 0x12b4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcp47languages_31bf3856ad364e35_10.0.19041.1_none_505b5b44763139f0\BCP47mrm.dll Handle ID: 0x12d4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..iocorepolicymanager_31bf3856ad364e35_10.0.19041.1_none_fe4e5b7cbac78006\AudioSrvPolicyManager.dll Handle ID: 0x1414 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\AUDIOKSE.dll Handle ID: 0xfb8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcp47languages_31bf3856ad364e35_10.0.19041.1_none_505b5b44763139f0\BCP47Langs.dll Handle ID: 0xd14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\audiodg.exe Handle ID: 0x12d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-cloudrec_31bf3856ad364e35_10.0.19041.1_none_fce31da777d54f96\CloudRecApi.dll Handle ID: 0x60c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootmenuux_31bf3856ad364e35_10.0.19041.1_none_aad2a22bb4bb6bb7\BootMenuUX.dll Handle ID: 0xe48 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakrathunk.dll Handle ID: 0x14cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.19041.1_none_7feeab380f6fb6aa\BootRec.exe Handle ID: 0x90c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakradiag.dll Handle ID: 0x1804 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-disasterrecoveryui_31bf3856ad364e35_10.0.19041.1_none_ef4afdf204e52ca3\bmrui.exe Handle ID: 0xae4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-cloudrec_31bf3856ad364e35_10.0.19041.1_none_fce31da777d54f96\CloudRecSvc.exe Handle ID: 0x1570 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\AudioEndpointBuilder.dll Handle ID: 0x844 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..diopolicymanagerext_31bf3856ad364e35_10.0.19041.1_none_4c67ee16a4c91364\coreaudiopolicymanagerext.dll Handle ID: 0x11c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\tabskb.dll Handle ID: 0x1124 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.1_none_15ad78a57833209d\CompPkgSup.dll Handle ID: 0x10e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.1_none_15ad78a57833209d\CompPkgSrv.exe Handle ID: 0x180c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\cscript.exe Handle ID: 0x1834 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\CoreMas.dll Handle ID: 0x19c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.1_none_740ee67443167eb4\DetailedReading-Default.xml Handle ID: 0x94c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\dispex.dll Handle ID: 0x99c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore-client_31bf3856ad364e35_10.0.19041.1_none_7fa0f248f62ae8e5\AudioSes.dll Handle ID: 0xb90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\AudioEng.dll Handle ID: 0xe50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dskquota_31bf3856ad364e35_10.0.19041.1_none_34047f8253bab333\dskquota.dll Handle ID: 0xa50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\audiosrv.dll Handle ID: 0x19a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..tartup-fverecoverux_31bf3856ad364e35_10.0.19041.1_none_0520717b3afe6966\fverecoverux.dll Handle ID: 0xb24 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.1_none_7e470436241a018f\hhsetup.dll Handle ID: 0xf64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hbaapi_31bf3856ad364e35_10.0.19041.1_none_ff04ba67127d59fe\hbaapi.dll Handle ID: 0x950 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-framedyn-dll_31bf3856ad364e35_10.0.19041.1_none_e2db8e255af62a10\framedyn.dll Handle ID: 0xf58 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\imaadp32.acm Handle ID: 0xd34 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_10.0.19041.1_none_f1a66ceadc1ac5a7\fveui.dll Handle ID: 0x10ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\framedynos.dll Handle ID: 0xf8c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\M1033ZIR.APM Handle ID: 0x89c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.1_none_7e470436241a018f\hhctrl.ocx Handle ID: 0xd7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..w-kernelsupportuser_31bf3856ad364e35_10.0.19041.1_none_1b632b5bb5339e8b\ksuser.dll Handle ID: 0x19c8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-u..latform-facilitator_31bf3856ad364e35_10.0.19041.1_none_48593f2800494004\Facilitator.dll Handle ID: 0x1980 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ux-winre.deployment_31bf3856ad364e35_10.0.19041.1_none_1c71373ee04f3e91\bootux.dll Handle ID: 0xd38 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\MdSched.exe Handle ID: 0x10c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-tool-exe_31bf3856ad364e35_10.0.19041.1_none_b00bcb3b56b3d8e3\manage-bde.exe Handle ID: 0x17c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winomi-mibincodec-dll_31bf3856ad364e35_10.0.19041.1_none_fe8b95190d24914f\mibincodec.dll Handle ID: 0xf54 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-mi-dll_31bf3856ad364e35_10.0.19041.1_none_40324f0aaf4bb80e\mi.dll Handle ID: 0xeac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\msadp32.acm Handle ID: 0xa9c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directshow-dmo_31bf3856ad364e35_10.0.19041.1_none_d0874ed19e069aca\msdmo.dll Handle ID: 0xab0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript_31bf3856ad364e35_11.0.19041.1_none_6cc270f3015bbb5f\jscript.dll Handle ID: 0xebc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winomi-mimofcodec-dll_31bf3856ad364e35_10.0.19041.1_none_fb771fecc6c2f05c\mimofcodec.dll Handle ID: 0xe9c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.0.19041.1_none_2e0c150bc7e8db08\jscript9diag.dll Handle ID: 0x1740 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.19041.1_none_96d696a28066f556\msacm32.dll Handle ID: 0x1744 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\msg711.acm Handle ID: 0xea4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\msgsm32.acm Handle ID: 0x1204 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-miutils-dll_31bf3856ad364e35_10.0.19041.1_none_2135df93bd1c37f3\miutils.dll Handle ID: 0x1364 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1_none_5f5d6355fa237622\NarratorControlTemplates.xml Handle ID: 0xcfc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\ncobjapi.dll Handle ID: 0xa08 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi_31bf3856ad364e35_10.0.19041.1_none_0af5511b58bf6105\MMDevAPI.dll Handle ID: 0xf78 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netman_31bf3856ad364e35_10.0.19041.1_none_c5ae2919f12d59ae\netman.dll Handle ID: 0xe4c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.1_none_740ee67443167eb4\Narrator.exe Handle ID: 0x13dc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..scoveryprovider-dll_31bf3856ad364e35_10.0.19041.1_none_299ab6bfeef8f0b6\psmodulediscoveryprovider.mof Handle ID: 0xe98 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..scoveryprovider-dll_31bf3856ad364e35_10.0.19041.1_none_299ab6bfeef8f0b6\PSModuleDiscoveryProvider.dll Handle ID: 0x1b5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-prvdmofcomp-dll_31bf3856ad364e35_10.0.19041.1_none_8db513659285c3e1\prvdmofcomp.dll Handle ID: 0x15c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ter-cimprovider-exe_31bf3856ad364e35_10.0.19041.1_none_193aab8d8b539746\Register-CimProvider.exe Handle ID: 0xfc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetEngInterfaces.exe Handle ID: 0x17c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetEngine.exe Handle ID: 0x1128 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_10.0.19041.1_none_87e54edbaf62ca00\repair-bde.exe Handle ID: 0x17a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\remoteaudioendpoint.dll Handle ID: 0xe44 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.19041.1_none_3a6d07f552fecc2c\recdisc.exe Handle ID: 0xbac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetPluginHost.exe Handle ID: 0x1618 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\resetengmig.dll Handle ID: 0x1528 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_10.0.19041.1_none_70bdab680f410083\ReInfo.dll Handle ID: 0x1a7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-provider-common_31bf3856ad364e35_10.0.19041.1_none_5e30d23f787e0374\provthrd.dll Handle ID: 0x1078 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rtworkq_31bf3856ad364e35_10.0.19041.1_none_a3df82b8c8699995\RTWorkQ.dll Handle ID: 0x1178 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.1_none_fcd0dd6b529c84a4\rstrui.exe Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\scrobj.dll Handle ID: 0x19f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\scrrun.dll Handle ID: 0x156c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.1_none_fcd0dd6b529c84a4\srclient.dll Handle ID: 0x158c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\srms62.dat Handle ID: 0xad8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\SpatialAudioLicenseSrv.exe Handle ID: 0xe70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\srms.dat Handle ID: 0x1a60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-srhelper_31bf3856ad364e35_10.0.19041.1_none_64d5657ff9db1846\srhelper.dll Handle ID: 0x14d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmibdll_31bf3856ad364e35_10.0.19041.1_none_0c1cf805b0009dfb\tcpmib.dll Handle ID: 0x19b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1_none_5f5d6355fa237622\tier2punctuations.dll Handle ID: 0xef4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-coreprovisioning_31bf3856ad364e35_10.0.19041.1_none_ed55affe15aaa25d\TpmCertResources.dll Handle ID: 0xcc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main_31bf3856ad364e35_10.0.19041.1_none_9a3804454c3a5688\sxproxy.dll Handle ID: 0xd20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main_31bf3856ad364e35_10.0.19041.1_none_9a3804454c3a5688\spp.dll Handle ID: 0xd5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-tbs_31bf3856ad364e35_10.0.19041.1_none_a4a8e27917b1d4a2\tbs.dll Handle ID: 0x1a04 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.1_none_fcd0dd6b529c84a4\srcore.dll Handle ID: 0xe6c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\sysreset.exe Handle ID: 0x1a30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_10.0.19041.1_none_70bdab680f410083\ReAgent.dll Handle ID: 0x18cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..mage-capture-wizard_31bf3856ad364e35_10.0.19041.1_none_1ec3161d843d5b3a\wdscapture.inf Handle ID: 0xbb8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\reseteng.dll Handle ID: 0x1a70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ient-server-library_31bf3856ad364e35_10.0.19041.1_none_bc61472ad685eded\wdscsl.dll Handle ID: 0x834 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ervices-diagnostics_31bf3856ad364e35_10.0.19041.1_none_f02917edd6b0bfcc\WdsDiag.dll Handle ID: 0x14e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_10.0.19041.1_none_003f59aa850fa682\wdmaud.drv Handle ID: 0xcac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main_31bf3856ad364e35_10.0.19041.1_none_0145eaa42e633edc\wbadmin.exe Handle ID: 0x93c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_11.0.19041.1_none_323c8bab381e679b\vbscript.dll Handle ID: 0x17f8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ent-services-client_31bf3856ad364e35_10.0.19041.1_none_664cd6788b0cef8f\wdsclient.exe Handle ID: 0x110c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_10.0.19041.1_none_b96c3b80c28ff316\wbemcomn.dll Handle ID: 0x12a4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingui_31bf3856ad364e35_10.0.19041.1_none_84563820a174d447\werui.dll Handle ID: 0x176c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..mage-capture-wizard_31bf3856ad364e35_10.0.19041.1_none_1ec3161d843d5b3a\wdscapture.exe Handle ID: 0x18f4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-coreprovisioning_31bf3856ad364e35_10.0.19041.1_none_ed55affe15aaa25d\TpmCoreProvisioning.dll Handle ID: 0x19ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..es-transport-client_31bf3856ad364e35_10.0.19041.1_none_c71ec3231539568b\wdstptc.dll Handle ID: 0x16e4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-oc-srt-background_31bf3856ad364e35_10.0.19041.1_none_9eecd591ca795bd6\winre.jpg Handle ID: 0x11b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-devices-midi_31bf3856ad364e35_10.0.19041.1_none_a0cb30e63b04963c\Windows.Devices.Midi.dll Handle ID: 0xd70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-media-devices_31bf3856ad364e35_10.0.19041.1_none_3158669b7ec140d9\Windows.Media.Devices.dll Handle ID: 0x1900 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..vices-image-library_31bf3856ad364e35_10.0.19041.1_none_34496984ddfad865\WdsImage.dll Handle ID: 0x1b64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\MSTTSLocEnUS.dat Handle ID: 0x186c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-xaudio2_8_31bf3856ad364e35_10.0.19041.1_none_fc734b41dc885462\XAudio2_8.dll Handle ID: 0x1af0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\wshcon.dll Handle ID: 0xad0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools_31bf3856ad364e35_10.0.19041.1_none_8dec776522fcecde\WmiMgmt.msc Handle ID: 0xffc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd6813e5c3d1c883\WmiMgmt.msc Handle ID: 0x1620 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-wmidcom-dll_31bf3856ad364e35_10.0.19041.1_none_f19aad0842d9271a\wmidcom.dll Handle ID: 0x1008 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\wshom.ocx Handle ID: 0x11d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\wscript.exe Handle ID: 0x12c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..adapter-wmitomi-dll_31bf3856ad364e35_10.0.19041.1_none_313d4e2c5675f9d4\wmitomi.dll Handle ID: 0xa30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_10.0.19041.1_none_99d3037b9f1d6f54\wbengine.exe Handle ID: 0x10ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..es-multicast-client_31bf3856ad364e35_10.0.19041.1_none_6c83ecde752dfd52\wdsmcast.exe Handle ID: 0x1408 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssservice_31bf3856ad364e35_10.0.19041.1_none_10bddbfab734fa42\VSSVC.exe Handle ID: 0xfac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetEngine.dll Handle ID: 0xefc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d2d_31bf3856ad364e35_10.0.19041.1_none_5d8df447fb4e7fad\d2d1.dll Handle ID: 0xf0c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-xaudio2_9_31bf3856ad364e35_10.0.19041.1_none_fc744b8bdc876db9\XAudio2_9.dll Handle ID: 0x13a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.0.19041.1_none_2e0c150bc7e8db08\jscript9.dll Handle ID: 0x17b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakra.dll Handle ID: 0xb2c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1_none_5f5d6355fa237622\SRH.dll Handle ID: 0x1138 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..storage-classdriver_31bf3856ad364e35_10.0.19041.1_none_13e0a2d70bde69d7\EhStorClass.sys Handle ID: 0x19c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filetracefilter_31bf3856ad364e35_10.0.19041.1_none_b0b561660c7b5f0c\filetrace.sys Handle ID: 0xa98 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmcss_31bf3856ad364e35_10.0.19041.1_none_0d89446c82e7b332\mmcss.sys Handle ID: 0x14bc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-tbs_31bf3856ad364e35_10.0.19041.1_none_a4a8e27917b1d4a2\tbs.sys Handle ID: 0xe40 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ehstortcgdrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9fd4a542f83c4a3\EhStorTcgDrv.sys.mui Handle ID: 0x19bc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_audioendpoint.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d71c466ec187ae9b\AudioEndpoint.inf_loc Handle ID: 0x9c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ehstortcgdrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9fd4a542f83c4a3\EhStorTcgDrv.inf_loc Handle ID: 0xb14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hdaudss.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_53a41a6f21f92bbe\hdaudss.inf_loc Handle ID: 0x1418 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hdaudio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_979015a3cb75e148\hdaudio.inf_loc Handle ID: 0x18ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_rawsilo.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a313c95fcf95ba21\rawsilo.inf_loc Handle ID: 0x18e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdmaudiocoresystem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4fec1f921fe386e\wdmaudioCoreSystem.inf_loc Handle ID: 0x1938 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdma_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5fc5aab9f0e92cb4\wdma_usb.inf_loc Handle ID: 0x15ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_en-us_da7fa0fdb9bb1da2\audiodg.exe.mui Handle ID: 0x145c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_en-us_da7fa0fdb9bb1da2\AudioEndpointBuilder.dll.mui Handle ID: 0xff8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_en-us_da7fa0fdb9bb1da2\AudioSrv.dll.mui Handle ID: 0xa48 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mmcss.resources_31bf3856ad364e35_10.0.19041.1_en-us_63bb7612d6a0dd5a\avrt.dll.mui Handle ID: 0xc58 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_3657e07d684f0581\BootRec.exe.mui Handle ID: 0xb88 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..re-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_3a6ceafd04278b58\AudioSes.dll.mui Handle ID: 0x9b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-cloudrec.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9e41542bbce4eef\CloudRecApi.dll.mui Handle ID: 0x12d4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-cloudrec.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9e41542bbce4eef\CloudRecSvc.exe.mui Handle ID: 0x12b4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootux-winre.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4345854daf75697\bootux.dll.mui Handle ID: 0x9e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ecoveryui.resources_31bf3856ad364e35_10.0.19041.1_en-us_427c213dea78ff80\bmrui.exe.mui Handle ID: 0x108c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\cscript.exe.mui Handle ID: 0xb60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_10.0.19041.1_en-us_b6f5c1b7fef92fe4\dskquota.dll.mui Handle ID: 0xfa4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..roxy-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_3813956db567ed0e\blbres.dll.mui Handle ID: 0x1210 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..p-ui-libs.resources_31bf3856ad364e35_10.0.19041.1_en-us_85d6fd46092ef1b0\fveui.dll.mui Handle ID: 0x1650 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..recoverux.resources_31bf3856ad364e35_10.0.19041.1_en-us_d665fd376089f50b\fverecoverux.dll.mui Handle ID: 0x159c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\imaadp32.acm.mui Handle ID: 0xabc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_10.0.19041.1_en-us_6b3f542b20656524\hhctrl.ocx.mui Handle ID: 0x1b18 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_11.0.19041.1_en-us_3dd913b790a1c668\jscript.dll.mui Handle ID: 0xf60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-schedule.resources_31bf3856ad364e35_10.0.19041.1_en-us_adc1cc9a65b0c63b\MdSched.exe.mui Handle ID: 0xf7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-mi-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_4c452fec1d11e8e7\mi.dll.mui Handle ID: 0x870 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.0.19041.1_en-us_cb9db6178247f4cd\jscript9.dll.mui Handle ID: 0x1a58 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_7dd53bd9a45027d6\MMDevAPI.dll.mui Handle ID: 0x12cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..codec-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_9dd80637a0a77432\mimofcodec.dll.mui Handle ID: 0x1450 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\msadp32.acm.mui Handle ID: 0x1998 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_10.0.19041.1_en-us_0f9ff912a35a13a1\msacm32.dll.mui Handle ID: 0x177c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\msg711.acm.mui Handle ID: 0xfc4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\msgsm32.acm.mui Handle ID: 0x1a24 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..codec-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_41caac310a838eed\mibincodec.dll.mui Handle ID: 0x10e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..utils-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_dd46cf5fa0b19af2\miutils.dll.mui Handle ID: 0x1124 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netman-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ce54b4b43888113\netman.dll.mui Handle ID: 0x11c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.19041.1_en-us_7c46b809efcb4d75\Narrator.exe.mui Handle ID: 0x180c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_10.0.19041.1_en-us_4d6906c3ea3817d6\d2d1.dll.mui Handle ID: 0x844 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_1173d42c87f1862f\PSModuleDiscoveryProvider.dll.mui Handle ID: 0x1570 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_1173d42c87f1862f\psmodulediscoveryprovider.mfl Handle ID: 0x1a5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset.resources_31bf3856ad364e35_10.0.19041.1_en-us_313cc2058f384fa8\reseteng.dll.mui Handle ID: 0x90c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset.resources_31bf3856ad364e35_10.0.19041.1_en-us_313cc2058f384fa8\ResetEngine.dll.mui Handle ID: 0x14cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recdisc-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_5fe9c9ee90bc2b1f\recdisc.exe.mui Handle ID: 0xe48 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..veryagent.resources_31bf3856ad364e35_10.0.19041.1_en-us_681fc03c3c11f922\reagent.dll.mui Handle ID: 0x60c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.19041.1_en-us_dffdae74561e42e5\register-cimprovider.exe.mui Handle ID: 0xb90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-tool-exe.resources_31bf3856ad364e35_10.0.19041.1_en-us_7322bfaaf0abd306\manage-bde.exe.mui Handle ID: 0xf64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..repairbde.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f00fd67c12e8209\repair-bde.exe.mui Handle ID: 0x12d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\scrobj.dll.mui Handle ID: 0xd14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rtworkq.resources_31bf3856ad364e35_10.0.19041.1_en-us_eff0eebd4ec240e4\RTWorkQ.dll.mui Handle ID: 0xfb8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\scrrun.dll.mui Handle ID: 0xa50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_76a64804f924a92f\spp.dll.mui Handle ID: 0xd34 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_76a64804f924a92f\sxproxy.dll.mui Handle ID: 0xf58 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset.resources_31bf3856ad364e35_10.0.19041.1_en-us_313cc2058f384fa8\sysreset.exe.mui Handle ID: 0x950 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_36603f53db43bcf9\srcore.dll.mui Handle ID: 0xe50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_36603f53db43bcf9\rstrui.exe.mui Handle ID: 0xb24 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..visioning.resources_31bf3856ad364e35_10.0.19041.1_en-us_bba74d5eba00c052\TpmCoreProvisioning.dll.mui Handle ID: 0x99c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-vbscript.resources_31bf3856ad364e35_11.0.19041.1_en-us_f9be72e87a4dc35c\vbscript.dll.mui Handle ID: 0x94c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..wdm-audio.resources_31bf3856ad364e35_10.0.19041.1_en-us_26a4e6c8a1381605\wdmaud.drv.mui Handle ID: 0x19c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..gine-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_7ff834e4c950a565\wbengine.exe.mui Handle ID: 0x1834 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh.resources_31bf3856ad364e35_10.0.19041.1_en-us_2b99bfb5aa908cbb\SRH.dll.mui Handle ID: 0x1a1c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..e-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_069c551ec1ae2c48\WdsImage.dll.mui Handle ID: 0x1980 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..agnostics.resources_31bf3856ad364e35_10.0.19041.1_en-us_923ee710c31c02b1\WdsDiag.dll.mui Handle ID: 0x10c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..re-wizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_b1a5d3546edc3f59\wdscapture.exe.mui Handle ID: 0xd38 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..portingui.resources_31bf3856ad364e35_10.0.19041.1_en-us_451996366353f25c\werui.dll.mui Handle ID: 0x19c8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..st-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_995e9d63e52c413d\wdsmcast.exe.mui Handle ID: 0x838 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..es-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0f229404eb71756\wdsclient.exe.mui Handle ID: 0x17c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_832dcb8b0a4bb42b\VSSVC.exe.mui Handle ID: 0x1924 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..itomi-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_11b3ee8a1a12cfe1\wmitomi.dll.mui Handle ID: 0x1a50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\wshom.ocx.mui Handle ID: 0x1018 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..xaudio2_9.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd3b95c8c976f5b4\XAudio2_9.dll.mui Handle ID: 0x1a8c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\wscript.exe.mui Handle ID: 0xab0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_aab573223036b6bf\wbadmin.exe.mui Handle ID: 0xebc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh.resources_31bf3856ad364e35_10.0.19041.1_en-us_2b99bfb5aa908cbb\tier2punctuations.dll.mui Handle ID: 0xeac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b018d9a63164212\sapi.dll.mui Handle ID: 0xd7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ondata-wmi-provider_31bf3856ad364e35_10.0.19041.1_none_6658ea421c6ab115\bcd.mof Handle ID: 0x10ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\cli.mof Handle ID: 0x1414 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filetracefilter_31bf3856ad364e35_10.0.19041.1_none_b0b561660c7b5f0c\filetrace.mof Handle ID: 0xd10 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..lesystemsupport-mof_31bf3856ad364e35_10.0.19041.1_none_4931addf0b74706f\IMAPIv2-FileSystemSupport.mof Handle ID: 0x14a4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-legacyshim-mof_31bf3856ad364e35_10.0.19041.1_none_94f00e4647dc0b41\IMAPIv2-LegacyShim.mof Handle ID: 0x1498 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base-mof_31bf3856ad364e35_10.0.19041.1_none_0981e25f801b452c\IMAPIv2-Base.mof Handle ID: 0x1984 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-kerberos-mof_31bf3856ad364e35_10.0.19041.1_none_9971a16b45127f2a\kerberos.mof Handle ID: 0xf54 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\cimdmtf.mof Handle ID: 0xe4c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mup-mof_31bf3856ad364e35_10.0.19041.1_none_12741f84c3926f7a\Microsoft-Windows-Remote-FileSystem.mof Handle ID: 0xf78 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_10.0.19041.1_none_99a1d18394747435\krnlprov.mof Handle ID: 0x1b5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WMIMigrationPlugin.dll Handle ID: 0xe98 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\mofcomp.exe Handle ID: 0xa08 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_10.0.19041.1_none_99a1d18394747435\KrnlProv.dll Handle ID: 0xcfc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ntlm-mof_31bf3856ad364e35_10.0.19041.1_none_da48343535c2140a\msv1_0.mof Handle ID: 0x1364 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntfs-mof_31bf3856ad364e35_10.0.19041.1_none_4b1a5556e970adc5\ntfs.mof Handle ID: 0x1204 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mofinstaller_31bf3856ad364e35_10.0.19041.1_none_c80e6cbfcb1e33c7\mofinstall.dll Handle ID: 0x19a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-filter_31bf3856ad364e35_10.0.19041.1_none_920fccc5f5774641\PolicMan.mof Handle ID: 0x17c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\powermeterprovider.mof Handle ID: 0xfc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\NCProv.dll Handle ID: 0x15c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-filter_31bf3856ad364e35_10.0.19041.1_none_920fccc5f5774641\PolicMan.dll Handle ID: 0x1990 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\rawxml.xsl Handle ID: 0x1474 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\profileassociationprovider.mof Handle ID: 0xaf0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\PowerPolicyProvider.mof Handle ID: 0xbac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\mofd.dll Handle ID: 0x1a7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-schannel-mof_31bf3856ad364e35_10.0.19041.1_none_9badbd6e04b7eaa1\schannel.mof Handle ID: 0x1528 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-stdprov-provider_31bf3856ad364e35_10.0.19041.1_none_f47f6ca465ecdc1b\regevent.mof Handle ID: 0xea4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-base-mof_31bf3856ad364e35_10.0.19041.1_none_a8b542edb18ebdd3\rsop.mof Handle ID: 0xe44 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shenzhouttsvoicecommon_31bf3856ad364e35_10.0.19041.1_none_3218a37ae75dcc89\MSTTSLoc.dll Handle ID: 0x1744 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-mof_31bf3856ad364e35_10.0.19041.1_none_edcef15a244d146a\tcpip.mof Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hbaapi_31bf3856ad364e35_10.0.19041.1_none_ff04ba67127d59fe\hbaapi.mof Handle ID: 0x1178 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\SMTPCons.dll Handle ID: 0x1078 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\texttable.xsl Handle ID: 0x1740 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\scrcons.exe Handle ID: 0x1aa0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\textvaluelist.xsl Handle ID: 0x1a94 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\esscli.dll Handle ID: 0x1a90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\unsecapp.exe Handle ID: 0x1020 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\wbemcons.dll Handle ID: 0x103c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_10.0.19041.1_none_cdc4d38aa94a3684\vds.mof Handle ID: 0x1038 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-stdprov-provider_31bf3856ad364e35_10.0.19041.1_none_f47f6ca465ecdc1b\stdprov.dll Handle ID: 0x14d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wbemprox.dll Handle ID: 0x1a60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-scripting_31bf3856ad364e35_10.0.19041.1_none_1702461a921abea8\wbemdisp.tlb Handle ID: 0xb8c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_10.0.19041.1_none_3432c764d048a596\repdrvfs.dll Handle ID: 0xef4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-digest-mof_31bf3856ad364e35_10.0.19041.1_none_e21d70adf6c4e8a9\wdigest.mof Handle ID: 0x1604 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wbemsvc.dll Handle ID: 0x1904 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_10.0.19041.1_none_cdc4d38aa94a3684\vdswmi.dll Handle ID: 0xfd4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_10.0.19041.1_none_1673635624aca0dd\Win32_EncryptableVolumeUninstall.mof Handle ID: 0x1a6c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_10.0.19041.1_none_1673635624aca0dd\win32_encryptablevolume.mof Handle ID: 0xf28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shenzhouttsvoicecommon_31bf3856ad364e35_10.0.19041.1_none_3218a37ae75dcc89\MSTTSEngine.dll Handle ID: 0x1a74 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit-mof_31bf3856ad364e35_10.0.19041.1_none_90d1e9fce8e70c10\wininit.mof Handle ID: 0xa20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_10.0.19041.1_none_3629d754154563e3\winlogon.mof Handle ID: 0x1a30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_10.0.19041.1_none_257e1be45fa14ced\Win32_Tpm.mof Handle ID: 0xe6c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_10.0.19041.1_none_257e1be45fa14ced\Win32_Tpm.dll Handle ID: 0x19b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-scripting_31bf3856ad364e35_10.0.19041.1_none_1702461a921abea8\wbemdisp.dll Handle ID: 0x18cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WmiApRes.dll Handle ID: 0x1a04 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WinMgmt.exe Handle ID: 0x14e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WinMgmtR.dll Handle ID: 0x834 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_10.0.19041.1_none_1673635624aca0dd\Win32_EncryptableVolume.dll Handle ID: 0x1a70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WmiApRpl.dll Handle ID: 0xbb8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools_31bf3856ad364e35_10.0.19041.1_none_8dec776522fcecde\wbemtest.exe Handle ID: 0x808 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WMIADAP.exe Handle ID: 0x17f8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_10.0.19041.1_none_b13a60de191a2a63\fastprox.dll Handle ID: 0x93c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WmiApSrv.exe Handle ID: 0xcac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WMICOOKR.dll Handle ID: 0xd5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_10.0.19041.1_none_7cbc133a15aeab54\wmipdfs.mof Handle ID: 0xd20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_10.0.19041.1_none_7cbc133a15aeab54\wmipdskq.mof Handle ID: 0xcc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemess-dll_31bf3856ad364e35_10.0.19041.1_none_19c65ca7cefe6dba\wbemess.dll Handle ID: 0x18f4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\wmipdfs.dll Handle ID: 0x176c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-ping-provider_31bf3856ad364e35_10.0.19041.1_none_01770cc86da5219f\wmipicmp.mof Handle ID: 0x158c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-ping-provider_31bf3856ad364e35_10.0.19041.1_none_01770cc86da5219f\WMIPICMP.dll Handle ID: 0x12a4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\WmiDcPrv.dll Handle ID: 0xe5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_10.0.19041.1_none_7cbc133a15aeab54\wmipsess.mof Handle ID: 0x11b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\wmipdskq.dll Handle ID: 0x19ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\WMIPSESS.dll Handle ID: 0x1900 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\xsl-mappings.xml Handle ID: 0xd70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..win32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_599754e5b9029653\cimwin32.dll.mui Handle ID: 0xe08 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\wmipcima.dll Handle ID: 0x186c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\cliegaliases.mfl Handle ID: 0x19f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\csv.xsl Handle ID: 0x1af0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..acefilter.resources_31bf3856ad364e35_10.0.19041.1_en-us_6e18d367acc20529\filetrace.mfl Handle ID: 0x17a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-wdm-provider_31bf3856ad364e35_10.0.19041.1_none_3023d989016d37fb\wmiprov.dll Handle ID: 0xad0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.19041.1_none_579ae2e26c347896\WMIC.exe Handle ID: 0xe60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wmiutils.dll Handle ID: 0xe64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\hform.xsl Handle ID: 0xa44 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\htable.xsl Handle ID: 0x1874 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_787819b31b8e3264\KrnlProv.dll.mui Handle ID: 0x11d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\cli.mfl Handle ID: 0x1008 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_787819b31b8e3264\krnlprov.mfl Handle ID: 0xffc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\mofcomp.exe.mui Handle ID: 0xdcc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-speechcommon_31bf3856ad364e35_10.0.19041.1_none_8bf3561a72086bb6\sapi.dll Handle ID: 0x1b64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\mof.xsl Handle ID: 0x16e4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\NCProv.dll.mui Handle ID: 0xe70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_10.0.19041.1_en-us_78a6075453bcd506\PolicMan.mfl Handle ID: 0x1408 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\profileassociationprovider.mfl Handle ID: 0x10ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\mofd.dll.mui Handle ID: 0x12c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\powermeterprovider.mfl Handle ID: 0xf0c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\cimdmtf.mfl Handle ID: 0xad8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..consumers.resources_31bf3856ad364e35_10.0.19041.1_en-us_160b9316be795953\scrcons.exe.mui Handle ID: 0xa88 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\PowerPolicyProvider.mfl Handle ID: 0x1334 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_8c7ca8bc3d6c201b\vdswmi.dll.mui Handle ID: 0x1ad8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e1952baf26cd93f\wininit.mfl Handle ID: 0x12c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mcore-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_8db0eb93c93994af\wbemcore.dll.mui Handle ID: 0x1138 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_deabf0d9beac524a\winlogon.mfl Handle ID: 0xb2c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4299559dcbb02d80\WinMgmt.exe.mui Handle ID: 0xefc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\WmiApRes.dll.mui Handle ID: 0xfac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WMIsvc.dll Handle ID: 0x17b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4299559dcbb02d80\WmiApRpl.dll.mui Handle ID: 0x13a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\WmiApSrv.exe.mui Handle ID: 0xa30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd6813e5c3d1c883\wbemtest.exe.mui Handle ID: 0x1878 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_8c7ca8bc3d6c201b\vds.mfl Handle ID: 0x187c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b12272852ae8ea37\wmipdfs.mfl Handle ID: 0xd88 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\WinMgmtR.dll.mui Handle ID: 0x14bc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_85666a725c5321a4\regevent.mfl Handle ID: 0xa98 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b73a00e4bc93332e\WMIPICMP.dll.mui Handle ID: 0xb10 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b12272852ae8ea37\wmipdskq.mfl Handle ID: 0xe40 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4299559dcbb02d80\WMIsvc.dll.mui Handle ID: 0x1880 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\xml.xsl Handle ID: 0x1884 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b12272852ae8ea37\wmipsess.mfl Handle ID: 0x19bc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b73a00e4bc93332e\wmipicmp.mfl Handle ID: 0x19c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\wmiutils.dll.mui Handle ID: 0x106c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\WmiPrvSE.exe Handle ID: 0xd74 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_b54e33bc60acaeb9\WMIC.exe.mui Handle ID: 0x175c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hbaapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_468f592c03894065\hbaapi.mfl Handle ID: 0x1188 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\cim20.dtd Handle ID: 0x1780 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-g..-base-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_569b37de4343f2d2\rsop.mfl Handle ID: 0x19b8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wmi20.dtd Handle ID: 0x142c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-text-encoding_31bf3856ad364e35_10.0.19041.1_none_6f727490db6e1eb0\wmi2xml.dll Handle ID: 0x1820 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakra.dll.mun Handle ID: 0x1464 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\WmiPrvSD.dll Handle ID: 0xed0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ovider-cimwin32-dll_31bf3856ad364e35_10.0.19041.1_none_859bfeb4a56d5200\cimwin32.dll Handle ID: 0x110c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_10.0.19041.1_none_97b0c067762f34f0\wbemcore.dll Handle ID: 0x9ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-winomi-mibincodec-dll_31bf3856ad364e35_10.0.19041.1_none_08e03f6b4185534a\mibincodec.dll Handle ID: 0xee8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-winomi-mimofcodec-dll_31bf3856ad364e35_10.0.19041.1_none_05cbca3efb23b257\mimofcodec.dll Handle ID: 0x145c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\cliegaliases.mof Handle ID: 0xa48 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0xadc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_40104b85a18bfcb2.cdf-ms Handle ID: 0xb88 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_de3c4ceb52549e1c.cdf-ms Handle ID: 0x156c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_en-us_8245c3aed97c0844.cdf-ms Handle ID: 0x18bc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_pcat_de3c62295de3e26e.cdf-ms Handle ID: 0x914 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_pcat_en-us_80af7686f451a150.cdf-ms Handle ID: 0x140c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_en-us_40104e69a1d105cc.cdf-ms Handle ID: 0x18d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_logs_measuredboot_ab1fadc53c86b337.cdf-ms Handle ID: 0x18d4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_3b206622a946e834.cdf-ms Handle ID: 0x18d8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_common_76cd6f1aaba6e83b.cdf-ms Handle ID: 0x18dc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_common_en-us_11ebcc5f3c902d23.cdf-ms Handle ID: 0x18e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_engines_8a294d630e90192b.cdf-ms Handle ID: 0x1910 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_engines_tts_4e06b8e5aea05fb6.cdf-ms Handle ID: 0x15ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_engines_tts_en-us_5bd3d35b5669eef6.cdf-ms Handle ID: 0x1914 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstore_a531a9c6b3dfcf87.cdf-ms Handle ID: 0x1650 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Handle ID: 0x1b18 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_speech_common_8c297630658eaa3d.cdf-ms Handle ID: 0xabc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_speech_common_en-us_fda4d836608fc881.cdf-ms Handle ID: 0x159c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_speech_engines_tts_181a16025b64685a.cdf-ms Handle ID: 0xb60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_xml_026f0f207227ebbc.cdf-ms Handle ID: 0x108c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x9e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_pcpksp_windowsaik_cb9775b914a8e5a2.cdf-ms Handle ID: 0x12b4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0x12d4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_cae2264614449191.cdf-ms Handle ID: 0x1a58 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_fde55420546edfe6.cdf-ms Handle ID: 0x870 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_administrative_tools_50eba26877c48094.cdf-ms Handle ID: 0x14b8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_d672ba09d81e87ff.cdf-ms Handle ID: 0x1620 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0x13dc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0x1450 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms Handle ID: 0xc7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_en-us_8a16130a1a0cde0c.cdf-ms Handle ID: 0xa58 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_92b215ec670a7f35.cdf-ms Handle ID: 0x18e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_auxpad_bb15ebb5c2b76782.cdf-ms Handle ID: 0x18ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_insert_bb25e7d5c2685e4a.cdf-ms Handle ID: 0x1418 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_keypad_bb29f287c24d4a93.cdf-ms Handle ID: 0xb14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskclearui_efb22b63342a179d.cdf-ms Handle ID: 0x9c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_main_992db4c6307e339e.cdf-ms Handle ID: 0x1888 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskmenu_4ada925d6aba5911.cdf-ms Handle ID: 0x188c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_osknav_bb31da33c2376c77.cdf-ms Handle ID: 0x1890 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_osknumpad_ee37ed195958108b.cdf-ms Handle ID: 0x11b8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskpred_4ada71c56aba89ef.cdf-ms Handle ID: 0x11c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_symbols_4eaf815d64e8ecbc.cdf-ms Handle ID: 0x1124 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_languagemodel_ccceb944834c6c97.cdf-ms Handle ID: 0x129c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0x1298 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources.cdf-ms Handle ID: 0x1570 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources_en-us_2e88d920877a69ae.cdf-ms Handle ID: 0x844 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources_recovery_fa3a0fbfbc08eda1.cdf-ms Handle ID: 0xe58 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users.cdf-ms Handle ID: 0x1894 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_73615b64075aa65f.cdf-ms Handle ID: 0x1898 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_33f0d5f51e505ec2.cdf-ms Handle ID: 0x1854 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_482f0bdd00d1643d.cdf-ms Handle ID: 0x1858 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_b898cfd29d5951f1.cdf-ms Handle ID: 0x185c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_4793cab2f72cc262.cdf-ms Handle ID: 0x1860 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_5eb528778fd8d821.cdf-ms Handle ID: 0x184c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_accessibility_1fe25fac404028a8.cdf-ms Handle ID: 0xf64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0xb90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\diagER.dll Handle ID: 0xad8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\hwexclude.txt Handle ID: 0xf0c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\hwcompat.dll Handle ID: 0x16c8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\offline.xml Handle ID: 0xab0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\setupplatform.exe Handle ID: 0x1018 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ejuvenation-onecore_31bf3856ad364e35_10.0.19041.1_none_9e2b40a4daa9bd87\unattend.dll Handle ID: 0xd7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgrade_frmwrk.xml Handle ID: 0xffc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\hwcompat.txt Handle ID: 0xdcc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\reagent.dll Handle ID: 0x1ad0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\wdsutil.dll Handle ID: 0x1ad4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\unbcl.dll Handle ID: 0x14e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..uvenation.resources_31bf3856ad364e35_10.0.19041.1_en-us_f9d1de7aec7190b4\setupplatform.exe.mui Handle ID: 0x12c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ejuvenation-onecore_31bf3856ad364e35_10.0.19041.1_none_9e2b40a4daa9bd87\wpx.dll Handle ID: 0x1614 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\setupplatform.dll Handle ID: 0x129c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-dokchampa_31bf3856ad364e35_10.0.19041.1_none_07724f8ba119348c\dokchamp.ttf Handle ID: 0xe80 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..pe-estrangeloedessa_31bf3856ad364e35_10.0.19041.1_none_b29fcdf719528101\estre.ttf Handle ID: 0x1474 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_10.0.19041.1_none_bdb5bbcec322f2e9\daunpenh.ttf Handle ID: 0x8e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-browallia_31bf3856ad364e35_10.0.19041.1_none_81f2722e20f72389\browalia.ttc Handle ID: 0xd84 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_10.0.19041.1_none_6e153adbf8560c28\euphemia.ttf Handle ID: 0x12c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_10.0.19041.1_none_c01d2d24b8311281\kartika.ttf Handle ID: 0x1334 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_10.0.19041.1_none_31a57ca83b98313a\gautamib.ttf Handle ID: 0x1038 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-gadugibold_31bf3856ad364e35_10.0.19041.1_none_3611087a5197320a\gadugib.ttf Handle ID: 0x1128 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_10.0.19041.1_none_c01d2d24b8311281\kartikab.ttf Handle ID: 0x14d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-gadugi_31bf3856ad364e35_10.0.19041.1_none_9a2fcf6fc49d7ad7\gadugi.ttf Handle ID: 0xcac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kalinga_31bf3856ad364e35_10.0.19041.1_none_bf4a9e141fed34ff\kalingab.ttf Handle ID: 0xd5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_10.0.19041.1_none_31a57ca83b98313a\gautami.ttf Handle ID: 0xd20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kalinga_31bf3856ad364e35_10.0.19041.1_none_bf4a9e141fed34ff\kalinga.ttf Handle ID: 0xcc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..uetype-javanesetext_31bf3856ad364e35_10.0.19041.1_none_b3574d6de9cf3152\javatext.ttf Handle ID: 0x18f4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_10.0.19041.1_none_2a28dd53b9428be2\LaoUIb.ttf Handle ID: 0x93c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_10.0.19041.1_none_2a28dd53b9428be2\LaoUI.ttf Handle ID: 0x1a70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_10.0.19041.1_none_26a2cd7dbb849930\latha.ttf Handle ID: 0xf50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_10.0.19041.1_none_26a2cd7dbb849930\lathab.ttf Handle ID: 0xbb4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_10.0.19041.1_none_be821a687d9acbbd\leelawad.ttf Handle ID: 0x1744 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_10.0.19041.1_none_be821a687d9acbbd\leelawdb.ttf Handle ID: 0x12c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_10.0.19041.1_none_8462a8d0ff9b835c\iskpotab.ttf Handle ID: 0x1900 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_10.0.19041.1_none_fef69e3609e0910f\KhmerUIb.ttf Handle ID: 0x1ad0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_10.0.19041.1_none_28df0bade745dad7\mvboli.ttf Handle ID: 0x1038 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_10.0.19041.1_none_6a270ea175c7f96e\mangal.ttf Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_10.0.19041.1_none_6a270ea175c7f96e\mangalb.ttf Handle ID: 0x1178 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-newtailue_31bf3856ad364e35_10.0.19041.1_none_6754931ac9bff51a\ntailu.ttf Handle ID: 0x1078 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..etype-newtailuebold_31bf3856ad364e35_10.0.19041.1_none_5d1126271181e8f5\ntailub.ttf Handle ID: 0x1740 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..e-microsofthimalaya_31bf3856ad364e35_10.0.19041.1_none_be23cd6ddb05a43c\himalaya.ttf Handle ID: 0xd5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_10.0.19041.1_none_fef69e3609e0910f\KhmerUI.ttf Handle ID: 0x16cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_10.0.19041.1_none_8462a8d0ff9b835c\iskpota.ttf Handle ID: 0xaf0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-plantagenet_31bf3856ad364e35_10.0.19041.1_none_a120896fb792f283\plantc.ttf Handle ID: 0x19a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_10.0.19041.1_none_28c07ecf98e12f9c\phagspa.ttf Handle ID: 0x1128 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_10.0.19041.1_none_fcd05ab568b5f217\raavi.ttf Handle ID: 0xdcc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-phagspabold_31bf3856ad364e35_10.0.19041.1_none_3aea002642688123\phagspab.ttf Handle ID: 0x93c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..type-mongolianbaiti_31bf3856ad364e35_10.0.19041.1_none_b98ed43aa5e7a533\monbaiti.ttf Handle ID: 0x17c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_10.0.19041.1_none_fcd05ab568b5f217\raavib.ttf Handle ID: 0x1348 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ype-myanmartextbold_31bf3856ad364e35_10.0.19041.1_none_425c516c686c438d\mmrtextb.ttf Handle ID: 0xfc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-myanmartext_31bf3856ad364e35_10.0.19041.1_none_0ed94ed2eab432b2\mmrtext.ttf Handle ID: 0xbb4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-yibaiti_31bf3856ad364e35_10.0.19041.1_none_0e32cdcd59fbc6c5\msyi.ttf Handle ID: 0x15c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_10.0.19041.1_none_846cdc31fb668b8c\ebrima.ttf Handle ID: 0x1990 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-ebrimabold_31bf3856ad364e35_10.0.19041.1_none_e73f502bddc74e95\ebrimabd.ttf Handle ID: 0xf50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-nyala_31bf3856ad364e35_10.0.19041.1_none_6bc876d1a17af749\nyala.ttf Handle ID: 0x1a70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-taile_31bf3856ad364e35_10.0.19041.1_none_414fac2f4ef3e4db\taile.ttf Handle ID: 0x18f4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-tailebold_31bf3856ad364e35_10.0.19041.1_none_618a29e4c90ae974\taileb.ttf Handle ID: 0x10f4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_10.0.19041.1_none_3eb6c46150b50021\tungab.ttf Handle ID: 0x11d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_10.0.19041.1_none_8358b3e9f1389949\shrutib.ttf Handle ID: 0x1900 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_10.0.19041.1_none_3eb6c46150b50021\tunga.ttf Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_10.0.19041.1_none_8358b3e9f1389949\shruti.ttf Handle ID: 0x1038 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_10.0.19041.1_none_2c157aebf8a0f49c\vrindab.ttf Handle ID: 0x1744 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_10.0.19041.1_none_2c157aebf8a0f49c\vrinda.ttf Handle ID: 0x1ad0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onexschema_31bf3856ad364e35_10.0.19041.1_none_0b333e5de5b48e52\OneX_v1.xsd Handle ID: 0xd20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WFD_LEGACY_profile_v1.xsd Handle ID: 0x18f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_profile_v3.xsd Handle ID: 0xcac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_profile_v2.xsd Handle ID: 0x14d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WFD_profile_v1.xsd Handle ID: 0x1334 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLANAP_profile_v1.xsd Handle ID: 0x12c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_policy_v1.xsd Handle ID: 0x1078 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\Rules.System.Wireless.xml Handle ID: 0xd84 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\Report.System.Wireless.xml Handle ID: 0x8e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_profile_v1.xsd Handle ID: 0x1474 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\Report.System.Wireless.xml Handle ID: 0x129c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-nirmalaui_31bf3856ad364e35_10.0.19041.1_none_bb8c742f0f537122\NirmalaB.ttf Handle ID: 0xe80 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\Rules.System.Wireless.xml Handle ID: 0x1614 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-nirmalaui_31bf3856ad364e35_10.0.19041.1_none_bb8c742f0f537122\NirmalaS.ttf Handle ID: 0x14e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\cmi2migxml.dll Handle ID: 0x10f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10_31bf3856ad364e35_10.0.19041.1_none_a5a973226d09843c\d3d10core.dll Handle ID: 0x1128 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_10.0.19041.1_none_061a8ae948ef9d75\d3d10_1core.dll Handle ID: 0x880 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_10.0.19041.1_none_783e7a290023bc74\d3d8thk.dll Handle ID: 0x142c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_10.0.19041.1_none_061a8ae948ef9d75\d3d10_1.dll Handle ID: 0xd7c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_10.0.19041.1_none_994f7a363ef01d1c\d3d10level9.dll Handle ID: 0xab0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\csiagent.dll Handle ID: 0x1900 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\dafWCN.dll Handle ID: 0x1038 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\delegatorprovider.dll Handle ID: 0xffc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dafwfdprovider_31bf3856ad364e35_10.0.19041.1_none_b058c457605b2980\dafWfdProvider.dll Handle ID: 0x186c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ent-appxpackagingom_31bf3856ad364e35_10.0.19041.1_none_cf9f54279a49afa1\AppxPackaging.dll Handle ID: 0xfac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d11on12_31bf3856ad364e35_10.0.19041.1_none_b1c8a7f2e6d6007f\d3d11on12.dll Handle ID: 0x998 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..txvideoacceleration_31bf3856ad364e35_10.0.19041.1_none_21c5c011e1907693\dxva2.dll Handle ID: 0xdcc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-directx-dxcore_31bf3856ad364e35_10.0.19041.1_none_69b9ab9a9fe50fec\DXCore.dll Handle ID: 0xbb4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10_31bf3856ad364e35_10.0.19041.1_none_a5a973226d09843c\d3d10.dll Handle ID: 0x1a70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fmapi_31bf3856ad364e35_10.0.19041.1_none_08fd237cd396b20c\fmapi.dll Handle ID: 0x10f4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\fdWCN.dll Handle ID: 0x18f4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-dxgi_31bf3856ad364e35_10.0.19041.1_none_f06f85d6bdea4043\dxgi.dll Handle ID: 0xe70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\iemigplugin.dll Handle ID: 0x1228 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d12_31bf3856ad364e35_10.0.19041.1_none_a5a945926d09b77e\D3D12.dll Handle ID: 0x1614 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_10.0.19041.1_none_783e7a290023bc74\d3d9.dll Handle ID: 0x13a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-imagesupport_31bf3856ad364e35_11.0.19041.1_none_27d7512ffd45dfff\imgutil.dll Handle ID: 0x14e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsied.dll Handle ID: 0x16c8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\EdgeManager.dll Handle ID: 0xf0c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsium.dll Handle ID: 0xaac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_10.0.19041.1_none_2fa237edf7ea2ae4\INETRES.dll Handle ID: 0x91c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsicli.exe Handle ID: 0x1838 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsidsc.dll Handle ID: 0xdfc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsiwmi.dll Handle ID: 0x13dc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsiwmiv2.dll Handle ID: 0xe64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsiexe.dll Handle ID: 0xf60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1_none_fc149c68bc8daa04\IndexedDbLegacy.dll Handle ID: 0x19ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\IESettingSync.exe Handle ID: 0x11b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_10.0.19041.1_none_a5a95c5a6d099ddd\d3d11.dll Handle ID: 0xe5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l2na_31bf3856ad364e35_10.0.19041.1_none_60b4ee44b96a7f24\l2nacp.dll Handle ID: 0x1618 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_10.0.19041.1_none_ba9b1bcfb0acbb97\FntCache.dll Handle ID: 0x10c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migres.dll Handle ID: 0x16cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_10.0.19041.1_none_2fa237edf7ea2ae4\inetcomm.dll Handle ID: 0xfc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migisol.dll Handle ID: 0x13a4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.19041.1_none_433c779d1394f332\mshta.exe Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migapp.xml Handle ID: 0x1a1c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\mighost.exe Handle ID: 0x15c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.1_none_0cd058fc835bd4ba\mlang.dll Handle ID: 0xa98 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migsys.dll Handle ID: 0x1990 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-ratings_31bf3856ad364e35_11.0.19041.1_none_b174c6b066f29f19\msrating.dll Handle ID: 0x139c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..cesframework-msimtf_31bf3856ad364e35_10.0.19041.1_none_877691e089f9d7ad\msimtf.dll Handle ID: 0x1ad4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_11.0.19041.1_none_320b71c34d9c2946\mshtmled.dll Handle ID: 0x11d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_10.0.19041.1_none_2fa237edf7ea2ae4\msoert2.dll Handle ID: 0x1ad0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.1_none_0cd058fc835bd4ba\mlang.dat Handle ID: 0x1740 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\MXEAgent.dll Handle ID: 0xad8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\osfilter.inf Handle ID: 0xd24 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\oscomps.woa.xml Handle ID: 0xd5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_11.0.19041.1_none_d7a8f7851da0d841\pngfilt.dll Handle ID: 0x18e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\pnppropmig.dll Handle ID: 0xb10 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migstore.dll Handle ID: 0x1364 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-oleui_31bf3856ad364e35_10.0.19041.1_none_d66507834d1f0011\oledlg.dll Handle ID: 0x93c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onex_31bf3856ad364e35_10.0.19041.1_none_5bbc2970bcb926cd\onex.dll Handle ID: 0xa88 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\oscomps.xml Handle ID: 0x1348 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-d3dcompiler_31bf3856ad364e35_10.0.19041.1_none_9f4327d7bb6def3f\D3DCompiler_47.dll Handle ID: 0x17c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\ReserveManager.dll Handle ID: 0x1980 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\setupplatform.cfg Handle ID: 0x1a94 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFCN.dat Handle ID: 0xf50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFLCID.dat Handle ID: 0x1744 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFPAT.inf Handle ID: 0xd40 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFPATRS1.inf Handle ID: 0x129c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFPATW7.inf Handle ID: 0x1334 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFPATW8.inf Handle ID: 0xa80 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFPATWB.inf Handle ID: 0xa90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFPATWT.inf Handle ID: 0x12c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\sflistw8.woa.dat Handle ID: 0xcac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\sflistwb.woa.dat Handle ID: 0x14d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_passthru.dll Handle ID: 0x1078 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\uninstall.xml Handle ID: 0x18f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\uninstall_data.xml Handle ID: 0x1178 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgradeagent.xml Handle ID: 0xaf0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-component-opcom_31bf3856ad364e35_10.0.19041.1_none_59280f5751ee8923\OpcServices.dll Handle ID: 0x19a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgrade_comp.xml Handle ID: 0x1984 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFLISTW7.dat Handle ID: 0xf54 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgrade_data.xml Handle ID: 0xd10 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\mshtml.tlb Handle ID: 0x1008 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgWow_bulk.xml Handle ID: 0xd20 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgrade_bulk.xml Handle ID: 0x1020 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\WcnEapPeerProxy.dll Handle ID: 0xd84 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\WcnEapAuthProxy.dll Handle ID: 0x8e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-netsh-helper_31bf3856ad364e35_10.0.19041.1_none_980b0e2792bde2ab\WcnNetsh.dll Handle ID: 0x12c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\WcnApi.dll Handle ID: 0x1534 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wfdprov.dll Handle ID: 0x17f8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFLISTW8.dat Handle ID: 0x17c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\WiFiConfigSP.dll Handle ID: 0x1b5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-warp10_31bf3856ad364e35_10.0.19041.1_none_a054b167f609e4fc\d3d10warp.dll Handle ID: 0xf78 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ig-registrar-wizard_31bf3856ad364e35_10.0.19041.1_none_f323c5809ebfa506\wcnwiz.dll Handle ID: 0x1a90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\sflistwt.woa.dat Handle ID: 0x1128 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\wcncsvc.dll Handle ID: 0x10f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wifidisplay_31bf3856ad364e35_10.0.19041.1_none_a7cc6a3e80623078\WiFiDisplay.dll Handle ID: 0x1820 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFLISTWB.dat Handle ID: 0x1a8c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlanhlp.dll Handle ID: 0xd50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-extension_31bf3856ad364e35_10.0.19041.1_none_afd43cb1c2b70f77\wlanext.exe Handle ID: 0x89c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-dialog_31bf3856ad364e35_10.0.19041.1_none_c59f82998d027290\wlandlg.dll Handle ID: 0x1900 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-netsh-helper_31bf3856ad364e35_10.0.19041.1_none_ca8ef5b603a219f9\wlancfg.dll Handle ID: 0xffc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlansvcpal.dll Handle ID: 0x1038 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\webplatstorageserver.dll Handle ID: 0x1780 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlanapi.dll Handle ID: 0x14a4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlanmsm.dll Handle ID: 0x1498 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanpref_31bf3856ad364e35_10.0.19041.1_none_ef7eafacae5f597a\wlanpref.dll Handle ID: 0x1824 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlansec.dll Handle ID: 0xd14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanconnectionflow_31bf3856ad364e35_10.0.19041.1_none_4025e317072f2c79\WLanConn.dll Handle ID: 0xfb8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanui_31bf3856ad364e35_10.0.19041.1_none_227d2dca8c30e04b\wlanui.dll Handle ID: 0xa50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFLISTWT.dat Handle ID: 0xbb4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\SFLISTRS1.dat Handle ID: 0xd34 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi.dll Handle ID: 0x1650 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\ieframe.dll Handle ID: 0x1914 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgradeagent.dll Handle ID: 0x15ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlansvc.dll Handle ID: 0x18d4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1_none_1585bba662e285b4\vwifibus.sys Handle ID: 0x18d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1_none_1585bba662e285b4\vwifimp.sys Handle ID: 0x140c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1_none_1585bba662e285b4\vwififlt.sys Handle ID: 0x914 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nwifi.resources_31bf3856ad364e35_10.0.19041.1_en-us_c8070434a22590cd\nwifi.sys.mui Handle ID: 0x1938 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-native-80211_31bf3856ad364e35_10.0.19041.1_none_04f9b6942e500cbb\nwifi.sys Handle ID: 0xcc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netnwifi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f8fe2216006d1a98\netnwifi.inf_loc Handle ID: 0x1474 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-native-80211_31bf3856ad364e35_10.0.19041.1_none_04f9b6942e500cbb\WdiWiFi.sys Handle ID: 0x19ec Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ckagingom.resources_31bf3856ad364e35_10.0.19041.1_en-us_88a7ebc1de04eda0\AppxPackaging.dll.mui Handle ID: 0x14e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_10.0.19041.1_en-us_86cec2673098cffa\FntCache.dll.mui Handle ID: 0xe38 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migcore.dll Handle ID: 0xe34 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_en-us_68a68fbe4b19e7fb\iscsiexe.dll.mui Handle ID: 0x9cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_en-us_68a68fbe4b19e7fb\iscsidsc.dll.mui Handle ID: 0x82c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_en-us_68a68fbe4b19e7fb\iscsicli.exe.mui Handle ID: 0x137c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l2na.resources_31bf3856ad364e35_10.0.19041.1_en-us_5c3c1f3e779f0e69\l2nacp.dll.mui Handle ID: 0xa84 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73a0f7eac168b613\inetres.dll.mui Handle ID: 0x1320 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..uvenation.resources_31bf3856ad364e35_10.0.19041.1_en-us_f9d1de7aec7190b4\migres.dll.mui Handle ID: 0x132c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..plication.resources_31bf3856ad364e35_11.0.19041.1_en-us_3f3ff51619c4352f\mshta.exe.mui Handle ID: 0x1328 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..rk-msimtf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9aef241ffe9ee48e\msimtf.dll.mui Handle ID: 0x130c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73a0f7eac168b613\msoert2.dll.mui Handle ID: 0xd9c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onex.resources_31bf3856ad364e35_10.0.19041.1_en-us_12b2f524e0d28e4a\onex.dll.mui Handle ID: 0xa70 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-oleui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e0077757f5b0f7a\oledlg.dll.mui Handle ID: 0xe44 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..registrar.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3eb241433b64a4b\wcncsvc.dll.mui Handle ID: 0xe5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1_en-us_a38d7bfae8bfcdba\WcnNetsh.dll.mui Handle ID: 0x11b0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wifidisplay.resources_31bf3856ad364e35_10.0.19041.1_en-us_c6fdd4da1ee2267b\WiFiDisplay.dll.mui Handle ID: 0x13dc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_a44c126c8514cadc\wcnwiz.dll.mui Handle ID: 0x19ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ng-legacy.resources_31bf3856ad364e35_11.0.19041.1_en-us_d5f8b953ccacd563\mshtml.dll.mui Handle ID: 0xf60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4657f1f1f8ea752\wlanext.exe.mui Handle ID: 0x1228 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-dialog.resources_31bf3856ad364e35_10.0.19041.1_en-us_38e96d2dff6e4eed\wlandlg.dll.mui Handle ID: 0xfa4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ctionflow.resources_31bf3856ad364e35_10.0.19041.1_en-us_c91f468d556191ce\WLanConn.dll.mui Handle ID: 0x13a4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\wlanapi.dll.mui Handle ID: 0xfc8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.0.19041.1_en-us_f6caf3e30da48a47\edgehtml.dll.mui Handle ID: 0x16cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanui.resources_31bf3856ad364e35_10.0.19041.1_en-us_dcec1ba181e3ee3a\wlanui.dll.mui Handle ID: 0xe64 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanpref.resources_31bf3856ad364e35_10.0.19041.1_en-us_aabcfb6886cdc9c9\wlanpref.dll.mui Handle ID: 0x10c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\wlansvc.dll.mui Handle ID: 0x1618 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1_en-us_76e27666d9d17a96\wlancfg.dll.mui Handle ID: 0x138c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi.dll.mui Handle ID: 0x1370 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsiwmiv2_uninstall.mof Handle ID: 0x808 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsirem.mof Handle ID: 0x1ad8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsidsc.mof Handle ID: 0x135c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsiwmiv2.mof Handle ID: 0x1368 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\msiscsi.mof Handle ID: 0x136c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsiprf.mof Handle ID: 0xe10 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_passthru.mof Handle ID: 0xa4c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_passthru_uninstall.mof Handle ID: 0x11d8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsihba.mof Handle ID: 0x988 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_uninstall.mof Handle ID: 0xd68 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\wcncsvc.mof Handle ID: 0x1280 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlan.mof Handle ID: 0xe60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsiwmiv2_uninstall.mfl Handle ID: 0x1408 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsiprf.mfl Handle ID: 0xb10 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi_passthru.mfl Handle ID: 0x18e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsidsc.mfl Handle ID: 0xd5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..registrar.resources_31bf3856ad364e35_10.0.19041.1_en-us_d268c9b84909f6f5\wcncsvc.mfl Handle ID: 0xd24 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi_uninstall.mfl Handle ID: 0xa88 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi.mof Handle ID: 0x1a1c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.0.19041.1_en-us_79a8d08cd7e5bb3a\ieframe.dll.mui Handle ID: 0xb48 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsiwmiv2.mfl Handle ID: 0x93c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSI.psd1 Handle ID: 0x17c0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSIConnection.cdxml Handle ID: 0x1a30 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSISession.cdxml Handle ID: 0xd40 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSITargetPortal.cdxml Handle ID: 0x1744 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSITarget.cdxml Handle ID: 0x1924 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileIntegrity.cdxml Handle ID: 0x145c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\DiskImage.cdxml Handle ID: 0x1334 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileServer.cdxml Handle ID: 0xf50 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\InitiatorId.cdxml Handle ID: 0x127c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\OffloadDataTransferSetting.cdxml Handle ID: 0x11e8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\InitiatorPort.cdxml Handle ID: 0xa90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileStorageTier.cdxml Handle ID: 0xa80 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\PhysicalDisk.cdxml Handle ID: 0x1348 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileShare.cdxml Handle ID: 0xad8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\ResiliencySetting.cdxml Handle ID: 0x1740 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Disk.cdxml Handle ID: 0x1ad0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Storage.psd1 Handle ID: 0x11d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\MaskingSet.cdxml Handle ID: 0x1ad4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Partition.cdxml Handle ID: 0x139c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageHealth.cdxml Handle ID: 0x1990 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageNode.cdxml Handle ID: 0xa98 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageJob.cdxml Handle ID: 0x15c4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageReliabilityCounter.cdxml Handle ID: 0xa28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageEnclosure.cdxml Handle ID: 0xdfc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageProvider.cdxml Handle ID: 0x1838 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageSetting.cdxml Handle ID: 0xd10 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StoragePool.cdxml Handle ID: 0xf54 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageTier.cdxml Handle ID: 0x1008 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\TargetPort.cdxml Handle ID: 0x1984 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\TargetPortal.cdxml Handle ID: 0x19a8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Storage.format.ps1xml Handle ID: 0xaf0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.format.ps1xml Handle ID: 0x1178 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.psd1 Handle ID: 0x18f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageSubSystem.cdxml Handle ID: 0x14d0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.types.ps1xml Handle ID: 0x11e4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\VirtualDisk.cdxml Handle ID: 0x11dc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Volume.cdxml Handle ID: 0xd48 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageCmdlets.cdxml Handle ID: 0x12a0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Storage.types.ps1xml Handle ID: 0x1288 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.psm1 Handle ID: 0x1218 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsicli.exe.mun Handle ID: 0x1234 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageScripts.psm1 Handle ID: 0x1230 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi.mfl Handle ID: 0x11e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_ed626ba695a80f1b\fdWCN.dll Handle ID: 0x1278 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1_none_fc149c68bc8daa04\mshtml.dll.mun Handle ID: 0xd3c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\edgehtml.dll.mun Handle ID: 0x1284 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e7635c5d69e7562e\WcnApi.dll Handle ID: 0xd28 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ig-registrar-wizard_31bf3856ad364e35_10.0.19041.1_none_f323c5809ebfa506\wcnwiz.dll.mun Handle ID: 0xd74 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..ig-registrar-wizard_31bf3856ad364e35_10.0.19041.1_none_fd786fd2d3206701\wcnwiz.dll Handle ID: 0x98c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\ieframe.dll.mun Handle ID: 0x1254 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_l2schemas_d7bb5637381de58c.cdf-ms Handle ID: 0x1038 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_reports_a2604845b2b380ca.cdf-ms Handle ID: 0x1a8c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_reports_en-us_04eb81229a78dfb4.cdf-ms Handle ID: 0x1498 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_rules_0bde462ce96f215e.cdf-ms Handle ID: 0x14a4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_rules_en-us_8cd2a7c250e636a2.cdf-ms Handle ID: 0x128c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Handle ID: 0xd14 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0x1824 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0x1820 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstore_en-us_f6b4aaeeda14a371.cdf-ms Handle ID: 0x10f0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wcn_06656d8dd047aafe.cdf-ms Handle ID: 0x1128 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wcn_en-us_f42897ed07859b3c.cdf-ms Handle ID: 0x1a90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_iscsi_6a82841e51a4df9f.cdf-ms Handle ID: 0x1650 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_storagebuscache_f8ef06c6464c2279.cdf-ms Handle ID: 0xd34 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_en-us_4555b1beb1c13883.cdf-ms Handle ID: 0xfb8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_storage_fcdb4bda9a6da24d.cdf-ms Handle ID: 0xee8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_systemresources_0307ca33e1cd9708.cdf-ms Handle ID: 0x19e0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0x14fc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_en-us_9e576ab077991fe8.cdf-ms Handle ID: 0x18d4 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wcn_1bf25cffa7664032.cdf-ms Handle ID: 0xffc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wcn_en-us_1f7e1a8c7448ffe8.cdf-ms Handle ID: 0x15ac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x1914 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources_recovery_en-us_38d0190271db68af.cdf-ms Handle ID: 0x1b5c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1_none_fc149c68bc8daa04\mshtml.dll Handle ID: 0x1534 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\edgehtml.dll Handle ID: 0x1ad8 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.153_none_e74acfe72624a02b\poqexec.exe Handle ID: 0x129c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.153_none_8b2c34636dc72ef5\poqexec.exe Handle ID: 0x1824 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_logs_cbs_10a752bcbbaee88b.cdf-ms Handle ID: 0xcb0 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_packages_46c20bc5f833cc43.cdf-ms Handle ID: 0x1348 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sessions_5591aee9e2456a35.cdf-ms Handle ID: 0x1724 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sqm_51d9d5f9de5a2fa5.cdf-ms Handle ID: 0x129c Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0xcac Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.19041.153_887f3f390e0e5b3b.cdf-ms Handle ID: 0xe60 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0xa88 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x1650 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x1a90 Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x17cc Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 12544 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x374 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x6ec Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x6c4 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x374 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x6ec Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0x6c4 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x374 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.19041.1220_887f3fa38d1c67d5.cdf-ms Handle ID: 0x374 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sqm_51d9d5f9de5a2fa5.cdf-ms Handle ID: 0x6c4 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sessions_5591aee9e2456a35.cdf-ms Handle ID: 0x6ec Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_packages_46c20bc5f833cc43.cdf-ms Handle ID: 0x374 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_logs_cbs_10a752bcbbaee88b.cdf-ms Handle ID: 0x6c4 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\poqexec.exe Handle ID: 0x6c4 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\SysWOW64\poqexec.exe Handle ID: 0x628 Process Information: Process ID: 0x30c8 Process Name: C:\$WinREAgent\Scratch\45EA4133-507B-42CA-9F31-ACA0209EE7DB\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13826 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x359c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x359c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x359c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x359c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x359c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x359c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x359c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:38:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x359c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x7c4 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x7c0 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x7bc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x6f8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\bootux.dll Handle ID: 0x6ac Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\cmi2migxml.dll Handle ID: 0x6f0 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\csiagent.dll Handle ID: 0x6f8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\diagER.dll Handle ID: 0x6ac Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\hwcompat.dll Handle ID: 0x6fc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\hwcompat.txt Handle ID: 0x6b8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\migcore.dll Handle ID: 0x47c Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\mighost.exe Handle ID: 0x6fc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\migisol.dll Handle ID: 0x6b8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\migres.dll Handle ID: 0x47c Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\migstore.dll Handle ID: 0x6fc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\migsys.dll Handle ID: 0x6b8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\MXEAgent.dll Handle ID: 0x47c Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\pnppropmig.dll Handle ID: 0x6fc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\reagent.dll Handle ID: 0x6b8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\ReserveManager.dll Handle ID: 0x47c Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\reseteng.dll Handle ID: 0x6fc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\ResetEngine.dll Handle ID: 0x6b8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\ResetEngine.exe Handle ID: 0x47c Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\ResetEngInterfaces.exe Handle ID: 0x6fc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\resetengmig.dll Handle ID: 0x6b8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\ResetPluginHost.exe Handle ID: 0x47c Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\setupplatform.dll Handle ID: 0x6fc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\setupplatform.exe Handle ID: 0x6b8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\sysreset.exe Handle ID: 0x47c Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\unbcl.dll Handle ID: 0x6fc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\uninstall.xml Handle ID: 0x6b8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\upgrade_bulk.xml Handle ID: 0x47c Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\upgradeagent.dll Handle ID: 0x6fc Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\wdsutil.dll Handle ID: 0x6b8 Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:38:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\en-US\bootux.dll.mui Handle ID: 0x47c Process Information: Process ID: 0x4e8 Process Name: C:\$WinREAgent\Scratch\1CABEB0F-F357-49ED-B028-96D3CA7C41C5\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 12544 | 2021-10-17 18:39:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:39:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x748 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x78c Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x6d8 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x890 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x4c0 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0x6d8 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x890 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.19041.1220_887f3fa38d1c67d5.cdf-ms Handle ID: 0x748 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_sqm_51d9d5f9de5a2fa5.cdf-ms Handle ID: 0x78c Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_sessions_5591aee9e2456a35.cdf-ms Handle ID: 0x4c0 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_packages_46c20bc5f833cc43.cdf-ms Handle ID: 0x748 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_logs_cbs_10a752bcbbaee88b.cdf-ms Handle ID: 0x78c Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\poqexec.exe Handle ID: 0x61c Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:39:12 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\poqexec.exe Handle ID: 0x5c8 Process Information: Process ID: 0x3370 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:56 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:56 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x7a0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x7a0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1000 Account Name: defaultuser0 Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x7a0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:39:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x7a0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 18:40:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:40:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:40:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:40:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:42:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:42:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:42:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:42:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:42:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:42:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:42:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:42:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:42:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x36b4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x36b4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1000 Account Name: defaultuser0 Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x36b4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x36b4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x36b4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x36b4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1000 Account Name: defaultuser0 Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x36b4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x36b4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:43:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:45:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:45:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2021-10-17 18:45:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3c58 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:45:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3c58 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:45:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3c58 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:45:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3c58 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:45:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3c58 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:45:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3c58 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:45:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3c58 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:45:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3c58 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 18:45:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:45:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:46:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:46:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:46:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:46:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:46:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:46:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:46:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:46:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:46:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-17 18:46:25 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x12fffe This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:46:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:46:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x660 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:46:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x660 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:46:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1000 Account Name: defaultuser0 Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x660 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:46:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x660 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:46:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x660 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:46:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x660 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 18:46:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3c8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:46:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\boot.stl Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\bootmgfw.efi Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\bootmgr.efi Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\memtest.efi Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Misc\PCAT\bootspaces.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\bootmgr Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\bootuwf.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\bootvhd.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\memtest.exe Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\wfplwfs.inf Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AgentService.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVClient.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\autochk.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcd.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BFE.DLL Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bootim.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bootux.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdd.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ci.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\csrss.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FWPUCLNT.DLL Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hal.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IKEEXT.DLL Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iphlpsvc.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iumcrypt.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\keepaliveprovider.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KerbClientShared.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LsaIso.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lsasrv.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lsass.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.AgentDriverEvents.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssecuser.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncbservice.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netiougc.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nsi.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nsisvc.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntdll.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntoskrnl.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\offlinelsa.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasadhlp.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasauto.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasautou.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasdiag.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sbservicetrigger.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\securekernel.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\skci.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smss.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sspicli.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sspisrv.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tcblaunch.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tcbloader.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tcpipcfg.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winload.efi Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winload.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winnsi.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winresume.efi Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winresume.exe Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshqos.dll Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winresume.efi Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winresume.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CodeIntegrity\driver.stl Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\afd.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ahcache.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\AppVStrm.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\AppvVemgr.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\AppvVfs.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\bowser.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\clfs.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\cng.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dam.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dfsc.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dumpfve.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgkrnl.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgmms1.sys Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgmms2.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\EhStorClass.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\exfat.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fastfat.sys Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fltMgr.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fsdepends.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fvevol.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\FWPKCLNT.SYS Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\iorate.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ks.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ksecdd.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ksecpkg.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\luafv.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\modem.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxsmb.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxsmb20.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mskssrv.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\msrpc.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mssecflt.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mup.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndis.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndistapi.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndiswan.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndproxy.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\netbt.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\netio.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\nsiproxy.sys Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ntfs.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\pacer.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\partmgr.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\pdc.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rasacd.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rasl2tp.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\raspptp.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rdbss.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\refs.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\scsiport.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\storport.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\tcpip.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\tdx.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\tm.sys Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UevAgentDriver.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\volsnap.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wanarp.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\watchdog.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\Wdf01000.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\WdfLdr.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wfplwfs.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\winnat.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wof.sys Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\bridgemigplugin.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\MupMigPlugin.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\netiomig.dll Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\autochk.exe Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bcd.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KerbClientShared.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nsi.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntdll.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\offlinelsa.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasadhlp.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasautou.exe Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasdiag.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sspicli.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winnsi.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wshqos.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_winsxs_installtemp_a7200a27e5239119.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_web_3f580d25a4c8e0a0.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_web_screen_a1e9c2590bec5884.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_waas_401032e7a18c2040.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_waas_services_ddfc4ae175ff1678.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_3f582555a4c8be22.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_writers_08335f148b847d02.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_writers_system_e29eb58bafd8a559.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_writers_application_85e0c568acb2deec.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_tracing_bca9e27848ac4cc0.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_temp_401038c9a18c18c0.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_tasks_4010304fa1e03ae2.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_zh-cn_c63f31ac3bbd74ba.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_winmetadata_047140633426c833.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_19ae85881f1c4f2d.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_b001352a7f7811a4.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_windowsupdate_456cbc9f3764ca02.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_uev_85ae9894702fab2e.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_smbshare_0ed015a1fb5b3049.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_scheduledtasks_1fe822c55d027d5f.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_provisioning_a90c2174ca14f6c9.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_printmanagement_f8eb27b4decad438.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_pki_85aea5cc702f95f6.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netswitchteam_11ad3eda0a2aa874.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netsecurity_580a709899c2e5ed.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netlbfo_80fc9ece463f45fa.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netconnection_0c47da6c3ce4e77d.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_configci_10d2a1a7f9d9bb92.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_branchcache_dbfd5dc74f864408.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_assignedaccess_f54f90cdde9b353a.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_appvclient_6909a212b041e3a8.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_applocker_127d01beb25ce579.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_wbem_1bf25d11bb30b33f.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_wbem_xml_3f8ffc24c43a2ff4.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_uk-ua_bcbec29049fe1bc7.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tr-tr_bad86a404cd7a0fb.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_bad86ed64cd79762.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_200b1d7e84f3818e.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_windows_4e7d28a223eef37f.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_windows_wcm_7b761a76cb4c075c.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_windows_taskscheduler_4346cbc4150b5b5f.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_windows_remoteapp_and_desktop_connections_update_537d8a8a24b3a619.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_sru_1bf25359a7665016.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_sr-latn-rs_f675dc9d3d7875cf.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_spp_tokens_skus_csvlk-pack_a04c4b36b1c86210.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_spp_tokens_ppdlic_ee939189101570f7.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_spp_tokens_pkeyconfig_b2fdf59e46c165ae.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_voiceactivation_64af56b9bf516892.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_engines_tts_3ffb0757669d4b88.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_engines_sr_d9a4a4f7ccdfa5ac.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_common_3ac1627a1b848769.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_common_en-us_93d22aa1fb70f6d5.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_speechux_27aa9ae49ec13adf.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_engines_tts_44a2fb68bc2a57e0.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_engines_sr_d5815721f6360684.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_common_b84a7a708e507091.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_sl-si_b8f1e2684fb16c1c.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_sk-sk_b8f1e6584fb16619.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_setup_b8f1f0fc4fb15499.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ru-ru_b70b8052528b002f.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_recovery_359f81e4d381fca3.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_rastoast_364fa07cd1b29d4f.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ras_1bf253d3a7664da0.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_pt-br_b33e8b90583e6f27.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_pl-pl_b33e814c583e7dc3.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_perceptionsimulation_6daff02c38dce186.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_oobe_1bf24c07bb30ce37.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_nui_1bf24957a7665fb2.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_nl-nl_af7192185df1e48f.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_networklist_fac29f16fb5be78a.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_networklist_icons_0ad2dfa4d19a0c98.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_networklist_icons_stockicons_3f4e81997d25c7f4.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_msdrm_ad8b1b9660cb9689.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_migration_bdcfa47e8790e0c4.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_mailcontactscalendarsync_c7a6885fbdf0ab11.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_macromed_flash_853cbcf10f17f618.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_lv-lv_aba4b47863a5320b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_lt-lt_aba4b0f463a5371b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_logfiles_windows_portable_devices_ed9529c6a0cda444.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_logfiles_sam_5371e95113e53c10.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_logfiles_lsa_5371ea7113e5392b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_licenses_neutral_volume_professional_81e94ea00d535798.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_licenses_neutral_oem_professional_4d95b036a354f599.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_licenses_neutral_default_professional_2a2c080b72ab118c.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_keywords_287e3848e6b7ce36.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_it-it_a5f14a266c32514d.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_installshield_b5853d7fd6c30e20.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_inputmethod_jpn_5a48f27b9306a1e5.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_shared_19ff36aa43ebd16a.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imetc_0f296d620e0c52d5.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imetc_applets_4cc083d5c906ff5a.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imekr_0f2989dc0e0c2815.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imekr_dicts_ae54c41430477586.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imejp_0f2986100e0c2dc6.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_he-il_a40ac5786f0c16bd.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_grouppolicyusers_44ab3d75342e5a9d.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_grouppolicy_865e318ee53f8967.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_fxstmp_3ddf405592144fb8.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_fr-fr_a03ddfd474bf708f.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_fr-ca_a03dbf8e74bfa0f5.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_f12_1bf23f09a7666be5.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_et-ee_9e574f447799499c.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_en-us_9e576ab077991fe8.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_driverstore_9d5a0097549f0abb.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_drivers_193c6528ad70a5e7.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_dism_1bf2381fbb30eb13.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_diagsvcs_1a70cad8fcb82ce4.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_397022e597c7bf30.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_936cc011f8712e92.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_appdata_09753eb0ca774ef7.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_appdata_roaming_3bee7e22f285c764.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_appdata_locallow_062ee28842850640.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_appdata_local_0bd41f8b89ae9a9e.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_regback_520dcf8c985ef2ff.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_com_1bf23555a7667cfb.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_catroot_19d09cfeaa84d098.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_catroot_f750e6c3-38ee-11d1-85e5-00c04fc295ee__ada83e5211e1e29e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ar-sa_96bd698c83002208.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_applocker_9faecc9d3543428d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_0307ca33e1cd9708.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_0eb1b891774fd848.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_pris_ac5770c7358d5c72.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_networkux_assets_fonts_b2b933f3581daf2c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_devicesflowui_fonts_f1a73aa6a3f2ec91.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_clockflyoutexperience_7ce6d31c57740cd3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_clockflyoutexperience_assets_15857ed2e840b8f6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_clockflyoutexperience_assets_fonts_3fa5855c97ee0980.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shell_ed9cce24fb22aa2f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shell_images_7b0bb7853b1139af.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingshandlers-nt_7298028ee386990a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingshandlers-nt_pris_71a69ceed5129daa.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_0b97cbddb6bef8ee.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_systemsettings_6f826ed139dc38ac.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_systemsettings_assets_b04b2dbada91ba13.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_systemsettings_assets_fonts_e1429b15bb7a603f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_pris_c69f4420e8b9ac96.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_80571585edc0bc10.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_systemsettingsthresholdadminflowui_a2baca8046478552.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_systemsettingsthresholdadminflowui_assets_5ec4ff00d0d98653.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_systemsettingsthresholdadminflowui_assets_45f5e040701cd097.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_pris_8eb5d62ebc93ca12.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.search_ed9cc5a2b23bcffb.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.search_images_3ce3c49a17a92a93.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.printdialog_bd64301dff14d784.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.printdialog_pris_0268448be4f886da.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.pcshell_f32245a82a039128.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.pcshell_peoplepane_assets_1773a8a6e1ab2266.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.logon_ed8ece16fb61b4e6.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.cred_bcedbcd156367aa9.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.cred_pris_3a09dccabb9004ab.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.blockedshutdown_d158b688ceb68e8d.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.biofeedback_43050837db14ffaa.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.biofeedback_fonts_95ff9f4f3fcf1508.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.systemtoast.calling_40954ac04ff75ba9.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.systemtoast.calling_images_ab93f75fc87b1c0d.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.parentalcontrolssettings_17e5c3595e118a55.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.parentalcontrolssettings_images_c0abb9832f16a4ad.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.management.autopilotresources_6cb9ff52085b35f4.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.management.autopilotresources_pris_5aaecd275f362302.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.applicationmodel.lockscreen_d0e0107729c97a93.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.applicationmodel.lockscreen_pris_de46d3c67a43a587.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows-nfc-semanagement_63ed886ef5f2afc3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents.switcher_5e79548f3d2c4397.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents.switcher_pris_94c471057dd46b83.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents.dragdrop_55ff5097494a24ff.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents.dragdrop_pris_7ac57702a890a0bb.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents_ef2e86c7db17ea16.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents_timelineui_0c27ba1219a6e41b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents_pris_dff16390a591c0b8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_microsoft.windows.sechealthui_5bb2238b2acc9da0.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_microsoft.windows.sechealthui_pris_0302f8ba338f56e0.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_callingshellapp_9a8b950cdeee06ad.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_callingshellapp_assets_f8f8f553bc76ad92.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_callingshellapp_assets_fonts_a6a41a0eafc8c1ca.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_windows.cbspreview_cw5n1h2txyewy_22550f63a4546e7d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_windows.cbspreview_cw5n1h2txyewy_assets_425ce7167ecf33ea.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_e21c90d9487ed242.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_pris_3818bc2422f945c8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_assets_7b05f0549cbec22d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_parentalcontrols_cw5n1h2txyewy_279dce154aea2ac9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_parentalcontrols_cw5n1h2txyewy_pris_dce7f2ada50375cf.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_parentalcontrols_cw5n1h2txyewy_assets_a55aa1bc343589de.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_ncsiuwpapp_8wekyb3d8bbwe_9755e557b5c19fb1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_ncsiuwpapp_8wekyb3d8bbwe_pris_960d7e855e108c1b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_ncsiuwpapp_8wekyb3d8bbwe_assets_224604415da008f6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.undockeddevkit_cw5n1h2txyewy_77a329df185f5721.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.undockeddevkit_cw5n1h2txyewy_assets_ebc1b7ef05677316.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_da484f523662e470.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_807d4ebff2f5c7b4.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_screenclipping_6fe9167b23648d3a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_screenclipping_assets_6c4152be17b5f9d3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_screenclipping_assets_sounds_e18e7a64d7b2bdc7.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_screenclipping_assets_fonts_4ae7d45101bec9a1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_assets_1496f026de9c54a1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_pris_07f2444136ecbb7a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_irisservice_d21869ac19d9607c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_2e34c2b1522dcef5.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_inputapp_05d9c76fbd2ec310.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_inputapp_assets_449a73b3bb876317.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_inputapp_assets_ninja_2d442cc31acccb4b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_inputapp_assets_fonts_2e648423184414d5.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_assets_2da43068333158be.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_assets_ninja_d45b4e66728b3a3e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_assets_fonts_c527b2ea8958a424.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_assets_dictation_39a0f8a370b329c3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_assets_636244f24a04b545.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_appxmetadata_76835224a6509a72.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_f20e4c4d4e876b3f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_themes_1f2d670dacd61c23.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_resources_0058419ed0e268cc.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_90648820b0a2252d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_titleachievement_feba1e22114ab440.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_profilecard_d81353263056fe50.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_peoplepicker_699dc213009f5408.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_invitefriends_51f8dc5582c842ab.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_debugdashboard_9096171787e858d2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_connectedstorage_bb7f4c5629f8f5c1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_checkpri_e7a4ee77932b19b6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_changerelationship_c052060eb138afed.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_fonts_91ccfd4ead7732a9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_21a00c89570906c4.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_titlebar_c5b3637bfa36fded.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_progressring_b01128edcbae037b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_profileheader_55aa9a2093bcc92c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_person_3c04788c233ce0e3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_peoplelistview_1bb0b63e2dcefe4a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_general_3d48ad2ec589c0e0.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_gameprogress_49d06eeb9e1c5017.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_contenttile_3214cfe0629be901.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_changerelationshipbutton_31a39d400d51dd10.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_assets_21f0037fa66ea49e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.xgpuejectdialog_cw5n1h2txyewy_6f3e12c2a894df22.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy_d32a9d6ca3506cf2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy_assets_84da0fa1380edf65.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy_5c9bcd2fbb5568e6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy_pris_4411c1f8ffbde214.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy_css_97fe2d3982e9ff53.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy_assets_2482c5a7df075309.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.sechealthui_cw5n1h2txyewy_8cdc4a2b89a0ce24.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.sechealthui_cw5n1h2txyewy_pris_1e3a1ba250c479fa.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.sechealthui_cw5n1h2txyewy_assets_2c72493351d74c03.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.sechealthui_cw5n1h2txyewy_assets_fonts_6ccf17025b49a9e7.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.search_cw5n1h2txyewy_ab79f6eb1dc17af5.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.search_cw5n1h2txyewy_pris_64363bbbf72dd541.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.pinningconfirmationdialog_cw5n1h2txyewy_46d0147d9d0e7625.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.peopleexperiencehost_cw5n1h2txyewy_f7fd95c23bab9f94.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_80e99b2c380ce386.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_e1ee1f244749a46e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.narratorquickstart_8wekyb3d8bbwe_aa4229d57e07074a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.filepicker_cw5n1h2txyewy_7f0cdb3cdcf67613.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.filepicker_cw5n1h2txyewy_pris_b04c47d5ff5f14ed.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.filepicker_cw5n1h2txyewy_assets_fb9af0810a32fb5e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.fileexplorer_cw5n1h2txyewy_4a81d77affb96b12.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.fileexplorer_cw5n1h2txyewy_pris_bf3c7b21cedb4b7a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.fileexplorer_cw5n1h2txyewy_assets_b49608cc4f09e72b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.contentdeliverymanager_cw5n1h2txyewy_6369fdd3e5ab0989.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.contentdeliverymanager_cw5n1h2txyewy_images_f48d365ca6bf839f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_e92250ef2519d1f6.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_0c3414e5ea9b964c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_unifiedenrollment_608128e0971fe102.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_unifiedenrollment_views_ab3b53e7951674ac.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_unifiedenrollment_js_c50fa6bbbb7c87b1.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_templates_2902e194c40c2d99.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_templates_view_fa144ce8b696a5f6.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_templates_js_30c977d57667d018.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_surfacehubdeviceuser_40a8494b26aff035.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_surfacehubdeviceuser_view_878bf08afd4f7608.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_surfacehubdeviceuser_js_b837e3558be51686.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_47e577bfb89f66ff.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_view_ffe5b70b18357b66.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_media_2e29d64a701c210b.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_js_2be3c432c2ce3ede.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_js_common_5c49fd1a5570d1f3.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusivesspr_d9ae0f7fd2cccc94.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusivesspr_view_a30cd40228c98533.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusivesspr_js_04768872769d851d.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_d9ae09c5d2ccd3fb.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_view_9d516b3c2e3e1a84.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_view_templat_72e2a4dd8431fbed.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_view_autopil_c15d914491ef8c5d.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_media_fff1539a1a4e3fb7.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_js_fed525f87d913b20.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_js_common_9b35fdf5c98f69bb.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_js_autopilot_7c3101fe157db81d.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_css_9d5145ddb46283ae.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_hololensdiagnostics_views_d5eef763b212983a.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_hololensdiagnostics_js_8c1a5a20ff89a7b5.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_enterprisengcenrollment_82255765359ba571.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_enterprisengcenrollment_vi_7e71e645381609fd.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_enterprisengcenrollment_js_c58adfa13ec3cacc.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_antitheft_24a5fefd01d630ef.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_antitheft_views_c7398a706c782c0f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_antitheft_js_08cf6efb11d0da96.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_views_f55d581a0acbb522.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_f55759080d09bc14.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_4009_f24be8641cd5eaeb.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_1009_f24be8d01cd5e9f8.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0c0c_f24bfc161cd5cc82.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0c0a_f24bf84a1cd5d234.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0c09_f24be91a1cd5e8fc.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_080a_f24bf8341cd5d297.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0809_f24be9041cd5e95f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0804_f24bdf861cd5f79c.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0416_f24be34a1cd5f20f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0411_f24bd9cc1cd6004c.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0410_f24bd7e61cd60325.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_040c_f24bfbf81cd5cd09.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0409_f24be8fc1cd5e983.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0407_f24be5301cd5ef35.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_retaildemo_d6007de2c4449ca2.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_pris_4436110b27fc8d08.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_microsoft.winjs-reduced_36e69b3b0e7ecf70.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_microsoft.winjs-reduced_js_c3e6a46e6987d93b.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_microsoft.winjs-reduced_css_1f290cb460a43b49.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_media_f54b539a0b1cc81a.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_lib_b0f47f90f3500a51.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_js_91283bc423026fc5.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_images_f5434c400d60dd7c.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_fonts_f53d61bc0b5bbe04.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_data_4436285d27fc685e.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_data_prod_c85cee3a7af640ef.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_css_b0f49fc4f34fda43.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_443623ff27fc6f6b.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_view_c303ad0c866a9c46.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_js_2a738435bdbe8f70.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_js_applaunchers_de40849bf361043c.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.capturepicker_cw5n1h2txyewy_a6a11caf60726833.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.callingshellapp_cw5n1h2txyewy_c0246e5a4e3e550c.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.callingshellapp_cw5n1h2txyewy_pris_6a0f765a48ee4b44.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.callingshellapp_cw5n1h2txyewy_assets_ea79be798cb01049.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy_29da24b0fd93bf69.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy_pris_739c1e49050f5c39.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy_assets_c21827d4b5b1e098.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.appresolverux_cw5n1h2txyewy_b9e567f99535ffbf.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.apprep.chxapp_cw5n1h2txyewy_f66b8c80bd9c0bf7.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.addsuggestedfolderstolibrarydialog_cw5n1h2txyewy_42e3ddae53f1a7cc.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.win32webviewhost_cw5n1h2txyewy_dc7f0351d4ad5d00.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.win32webviewhost_cw5n1h2txyewy_pris_cff87b484a86df16.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.win32webviewhost_cw5n1h2txyewy_assets_01a46ab27cf3e943.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_9e9a8bf16c9ce6fb.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_43d095bdcce4e130.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.lockapp_cw5n1h2txyewy_6f26550558264bb4.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.lockapp_cw5n1h2txyewy_assets_e61eed4a8582e20d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.ecapp_8wekyb3d8bbwe_ac10c70bb3589f82.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.ecapp_8wekyb3d8bbwe_assets_ae58e904a4695adf.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.creddialoghost_cw5n1h2txyewy_eb70173831f35b36.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.bioenrollment_cw5n1h2txyewy_0e6f6a5d1f5a1430.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.bioenrollment_cw5n1h2txyewy_pris_f9ee3e9148083766.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.bioenrollment_cw5n1h2txyewy_fonts_f2b30f7dd2e0fe08.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.asynctextservice_8wekyb3d8bbwe_3d79f655ade1fc1f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.accountscontrol_cw5n1h2txyewy_fc38de406c5c8223.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_d48a5fb790740a92.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_pris_8c9cc4e4b2c16ab2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_css_af32787f971fc4dd.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_assets_4318eb5d347aa2b1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winmetadata_0c48e99293678cff.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winevt_39519e6af36cf6a7.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_a349059b05097caa.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_windowsupdate_f5f9c8b88a63903a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_uev_36c96168b9ff01a8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_startlayout_89ada30b656c9d28.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_b160c489ca4b107d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_scheduledtasks_bfe47342c8da5f0b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_provisioning_59992d8d97512395.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_processmitigations_4429159c1e265c67.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_processmitigations_en-us_aedc7d6b41f2b385.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_printmanagement_5ab1cbf6969b793e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_pki_36c96ea0b9feec70.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_networktransition_83019b0f48dd3395.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_networkconnectivitystatus_1cd234f050633c27.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netswitchteam_c23a4af35d296eac.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netsecurity_1f2dcf39815a9f67.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netlbfo_dfa61a2ec6bf8e00.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netconnection_bcd4e6858fe3adb5.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_directaccessclientcomponents_1679aa5ffe54cac8.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_configci_b363508fc8c99bc6.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_branchcache_a320bc68371dfd82.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_assignedaccess_954be14b4a7316e6.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_appvclient_f101ca87a5fad6fc.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_applocker_b50db0a500311141.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_facedriver_1cf62c11bac4d1af.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_facedriver_amd64_a24e7f3c1523e31d.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbiodatabase_8ca29eba075c22c3.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_xml_026f0f207227ebbc.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_en-us_4555b1beb1c13883.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_unp_06656839d047b419.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_a67c0a7b7fef87b3.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_wcm_0421771703a48028.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_taskscheduler_2a138755a33c530b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_remoteapp_and_desktop_connections_update_c0beaecbfc21a5e1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_systemresetplatform_14fecc2716acccef.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sysprep_f7b45b8dfed1b768.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sru_066563e7d047bae2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sr-latn-rs_36d1e04b1e65a349.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_serverrdsh_59647a09f002b541.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professionalworkstation_7ab478a3d1f596f9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professionalsinglelanguage_d9d84093a75f0740.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professionaleducation_26986f1f25caf246.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professionalcountryspecific_6cbf9678f9f9bb86.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professional_a933d9880344b1b8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_iotenterprise_22e013631613af56.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_enterprise_bc64f038d2d7a6d4.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_education_eb248cb951678951.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_csvlk-pack_7cc2fe5a710dd58a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_pkeyconfig_d8fc0830c525895a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_store_2.0_774a618ff1521716.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_plugin-manifests-signed_d1e9d31c180bebd2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_tools_e03b2d8f300154a4.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_servers_02b04ba79d79f697.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_prtprocs_x64_bfba530a0f4e6934.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_printers_420476df024372d2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_drivers_f1780fdbb7b569a2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_voiceactivation_57f72a0344e2d398.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_engines_tts_1c71ba2a25e2bf02.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_engines_sr_44c0fa140b306d00.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_common_60bf750299e8ab15.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_common_en-us_1c7d86f233c96fa1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_speechux_bf4b53e8d47da913.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_engines_tts_181a16025b64685a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_engines_sr_f5f77fb9283237d8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_common_8c297630658eaa3d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_smi_06656483d047b9b9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_smi_schema_b445cd341d59fadc.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_smi_manifests_0e3cdef1f9ad7c5f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_shellexperiences_9b5d98059e822373.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_setup_5d3758a05cf4a445.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_recovery_f87e94e0816fb86b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_rastoast_f92eb3787fa05917.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ras_06656461d047b86c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pt-br_5783f3346581bed3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_proximitytoast_89be8a54a4ea9384.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pointofservice_protocolproviders_2983613e12f0b590.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_perceptionsimulation_782fb292607e7bbe.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_perceptionsimulation_assets_26be616134e2f347.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_openssh_f142c5dc07dcf27a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_nui_066559e5d047ca7e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_networklist_029a48465a9cac56.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_networklist_icons_2b49083c03963dec.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_networklist_icons_stockicons_c7f9dde8d52dc62c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_msdrm_51d0833a6e0ee635.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_174c7b92bb7d581f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_windowssearchengine_145004789b880a4a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_sppmig_61344cc740310c55.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-textservicesframework-migration_55ee7b7ed7f684bc.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-terminalservices-licenseserver_cff2bf5f876a8fcd.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-terminalservices-appserver-licensing_10d3d9d862990d9c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-rasserver-migplugin_2a8b8a2e22dfd44a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-rasapi-mig_89227d840be1b2ac.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-offlinefiles-core_3b64983f65339578.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-ndis_b44547c729f73574.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-mup_6effbe5ec5d3b4ea.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-iis-rm_9ee468490d6de347.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-directoryservices-adam-client_acf5a5eb145af9c7.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-com-complus-setup_baabf1eac7649bb1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-audio-mmecore-other_5137bedd30b4e5d8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-international-core_05a14960964e6af4.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-activedirectory-webservices_fbfc8031b6420fb6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_hwvid-migration-2_ca0f38881c779a37.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_f1386c432966667b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-wmi-core_0fa6ec0ad029fddb.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-textservicesframework-migration-dl_549205906affe6bf.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-tapisetup_0be6007940c10533.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-storagemigration_d55783f2ccb64b27.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-msmq-messagingcoreservice_a2ca72db0bdebee3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-directoryservices-adam-dl_6c3018cc6f347ede.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-com-dtc-setup-dl_a3b468532c03dbe0.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-com-complus-setup-dl_1ee4026d5f5876ce.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-bluetooth-config_40d5c57bfa898bfd.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-adfs-dl_893986f097ae8ea9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-activedirectory-webservices-dl_b2cdce29afb29e47.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_mailcontactscalendarsync_1fa56a2f18ed9ed9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_macromed_flash_5ff3bc7496f0271e.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lt-lt_4fea189870e886c7.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_windows_portable_devices_dcf2285bde880198.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_scm_5b4992849d2e7236.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_sam_5b4992809d2e7248.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_firewall_488be49cc4415d55.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_fax_outgoing_3112287f9a6542fe.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_fax_incoming_4110174d81df3adc.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_cloudfiles_4f1ca5d4f4bf5aad.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_licenses_neutral_volume_professional_7a83c2f800cfb9d0.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_licenses_neutral_oem_professional_3cf2af13e10f52ed.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_licenses_neutral_default_professional_88d58373f32b5992.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ko-kr_4e039de673c23e4a.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_keywords_eb5d4b4494a589fe.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_inputmethod_shared_6eb54fb4ad19ef1c.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_inputmethod_jpn_f1e9ab37c8c31019.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_inputmethod_cht_f1e99f19c8c3214a.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_inputmethod_chs_f1e99f17c8c32153.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imetc_e3d3eac2a148ee29.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imetc_applets_6d36ac75fb0330ae.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imekr_e3d4073ca148c369.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imekr_dicts_45f57d216603e3ba.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imejp_e3d40370a148c91a.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_icsxml_1f8f393b196e65ae.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ias_0665534bd047d20d.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_grouppolicyusers_dc4bf95b336ab265.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_grouppolicy_8e35dabe44804e33.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fxstmp_16e717d128a223be.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fr-ca_448327328202f0a1.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_f12_06654f97d047d6b1.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_es-mx_429cdb1e84dc62e4.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-gb_429cb20e84dc9fef.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_driverstore_a531a9c6b3dfcf87.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_driverstore_en-us_f6b4aaeeda14a371.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_dd4fddd4aaa5e8ac.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ddfs_06654947df2fbc31.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_da-dk_40b64d5e87b63595.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_1277fa612e559336.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_9dec82772012c8ca.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_92209b51227f4d2f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_roaming_3488f27ae602299c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_locallow_ecfb9e22d0b5fdec.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_local_bceee85fd37df118.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_regback_2cc4cf1020372405.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_com_066545e3d047e7c7.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_tokens_staged_5ed4ee4981241ad6.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_tokens_active_613b86cd7c09d968.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_staged_276d48e6ef8844ae.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_internal_c92a000dc3e74fc1.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_active_29d3e16aea6e0340.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_catroot_dcafaffa24ca18cc.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_catroot_f750e6c3-38ee-11d1-85e5-00c04fc295ee__0f6ee2e4c9b287a4.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appv_066541f9df2fc831.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appraiser_59bebec9f06db09b.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_applocker_745949fdc87fdde1.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system_4c3aa2308f9f8f41.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system_speech_00e1f005eaf69ef5.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_86042ecd14dccb9c.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_85d79caefa9ac893.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_tts_8edca57574a98a4e.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_tts_en-us_f904ad554a6fa916.cdf-ms Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_3b206622a946e834.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_engines_8a294d630e90192b.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_engines_tts_4e06b8e5aea05fb6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_engines_tts_en-us_5bd3d35b5669eef6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_skb_3f581889a4c8cf86.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_skb_languagemodels_98bad1d95769c9e6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_shellexperiences_2912c63bd045ac45.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_shellcomponents_dea969d8d78d1fee.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_en-us_62939e786cb82928.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_editions_596ea20ddafb9f7d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicestate_5273c861cc221018.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_security_fe3ad40cd6e08c7c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_security_applicationid_303d08827723c8a3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_security_applicationid_policymanagement_b5142bd66f34788c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_tsworkspace_8eac79c1e59127ee.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_provisioning_4f8636d1a1a523e7.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_eaphost_52e2de002c0b1796.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_codeintegrity_28b32c0f4161f4ca.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_codeintegrity_examplepolicies_83fa074d09c5bf54.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_availablenetwork_aaf14dcc87fea431.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schcache_f995a5d4decb8cc0.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_remotepackages_a62bd8dd89fea431.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_remotepackages_remotedesktops_873149a9e18f9d12.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_remotepackages_remoteapps_d27fb1f10021e565.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cc9458acec1840ff.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_packages_e07c8f8a91f541c4.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_b2feb78251a8a259.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_oem_c5f03ab2bad804ca.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_mo_c5f03b0eb90452f5.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_microsoft_77338a94bd8669dd.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_autopilot_705495c13beba2f8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_printdialog_af71281e89102b83.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_prefetch_1688e4e8b2f89473.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_pla_rules_0bde462ce96f215e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_pla_rules_en-us_8cd2a7c250e636a2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_pla_reports_a2604845b2b380ca.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_pla_reports_en-us_04eb81229a78dfb4.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_media_401039ffa1d92906.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_logs_settingsync_4385493191389478.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_logs_measuredboot_ab1fadc53c86b337.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_livekernelreports_13126bbee8c1252a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_languageoverlaycache_97a399b6551f8564.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_l2schemas_d7bb5637381de58c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_installer_0d1280e2e633dc00.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_termservice_f0fb244350031192.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_termservice_0000_f96d5ce56bc76fc8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_tapisrv_20c65cafb424239c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_tapisrv_0000_2e9995ea1b86323e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_pnrpsvc_3932681b8fb41c9d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_pnrpsvc_0000_43733b07fe2eb83f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_lsm_b45be09c559d6e1d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_lsm_0000_b44cadf303cf745f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_1e6ccf0e6a91b570.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_systemsettings_d76332102e6a9a22.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_systemsettings_view_34ee44a07ef70449.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_systemsettings_assets_6ba5b2461d9725af.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_settings_08eec740d2195455.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_pris_a05890fcf353f1d8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_images_2e6232377292b2dc.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_en-us_83c2a5ee73a54528.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_imetc_0d348c40e45e62ef.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_imetc_help_7cd8fd160d71b81c.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_imetc_dicts_b6bb60758b345dca.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_imekr_0d348c2ee45e634f.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_imekr_dicts_b6a95c078b94756a.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_identitycrl_e7d9c9e97cfb8b01.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_0fc22903a221b67f.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_time_zone_08f498d155d3913e.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_icu_0b932b2a9cc9f858.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_gamebarpresencewriter_399bc064b3f5d585.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_en-us_40104e69a1d105cc.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagtrack_0600d0deecd2b5a2.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagtrack_settings_56f8a3f40ce5a801.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagtrack_scenarios_ce5f6e43b7ab3f41.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_e6d66275c6e4d14a.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_d78913b7f0741b59.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_system_bluetooth_226e618cb56e004d.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_cursors_bff8b8b245707919.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_containers_serviced_07c9b2b35f82b615.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_40104b85a18bfcb2.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_0f8924c0debe64e4.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_qps-ploc_109d95b40d3e11cb.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_misc_pcat_6b00b12988eafd38.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_efi_0f890f82be247f42.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:14 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_de3c4ceb52549e1c.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_en-us_8245c3aed97c0844.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_bcastdvr_fab1ebc0dbf2dacb.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appreadiness_b6ba89081e320d85.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_en-us_098dc872781aebb9.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_customsdb_3bf1ff155493adb9.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_custom_2adff76bea4847ec.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_custom_custom64_12107ab6726c35e5.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_appraiser_33781004733ffeee.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_8c076a3be22985a1.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_videos_20f7329ef941f593.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_pictures_f5e7b0c0fda4db8c.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_music_8c1f3dc399e79184.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_libraries_de6591322faedac0.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_downloads_631cc37cff593fe6.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_documents_70461e22eba239ef.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_desktop_2377dac7383055bd.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_73615b64075aa65f.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_videos_4078dfd58aff2cd5.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_saved_games_57aaea1c026aa551.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_pictures_209185c2b71537e4.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_music_4066f7392302d756.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_links_4064ed15230be7d0.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_favorites_d09a481c8ccc2a28.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_downloads_d0a063ac92c2c070.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_documents_a9a4e48ccdf32dcf.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_desktop_39aa59e1159d1203.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_33f0d5f51e505ec2.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_482f0bdd00d1643d.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_b898cfd29d5951f1.cdf-ms Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_4793cab2f72cc262.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_templates_9327e87141b4e78f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_5eb528778fd8d821.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_8181428e5873cb4e.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_accessibility_1fe25fac404028a8.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_sendto_cc2b2363b7303311.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_recent_ca449f9bba09f987.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_network_shortcuts_cbcbd4ac7028a985.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_internet_explorer_quick_launch_c0ec1d6b06e5808b.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_bc5dd6ae41aaaeeb.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_temp_3274946c96022019.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_3433db0fbe07ab7f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windowsapps_522fbbfd57c17136.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_9e28651fd972d480.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcookies_706c818672b5499f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcache_93b6f38324ca2118.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_history_f4337fe0129e212c.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_gameexplorer_5a14824a005868dd.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_inputpersonalization_traineddatastore_77a848f48ef56331.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_windowsholographicdevices_da35b7d83993eebe.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_windowsholographicdevices_spatialstore_d5a1eb12b1c88209.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_usoshared_logs_user_cc47ba2ac1c4ac78.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_usoshared_logs_system_1d654048a9eadf5a.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_usoprivate_f18983166baec8e8.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_ssh_538e540ae643d2cc.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_softwaredistribution_ae0bdc9bb1bbdfab.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_security_health_ef9cc294168a8b97.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_security_health_logs_d0133fe6679072ac.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_security_health_health_advisor_caf4bd491726b327.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msscan_549c401cd5c756f4.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_b4e458a72482d5c6.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_virtualinbox_343012079dc9af5d.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_virtualinbox_en-us_9c5e5cbcf8e8df85.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_sentitems_ddb1524f373a2508.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_queue_0c90e35728890c03.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_inbox_0c90d66d28811d50.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_common_coverpages_642a277e0ccb775c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_common_coverpages_en-us_eec635e583fac604.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_activitylog_02f89ec2f88038bb.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_827f103853495477.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_trace_948df0f7e3c42652.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_temp_7268e2d9fd6b25f5.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_temp_psscriptoutputs_3a0e1d2536445291.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_downloads_9aff56413f03e0ba.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_datacollection_a0b92996ab2dc299.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_cyber_946bea51e45d4954.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_cache_946bebb1e45d47cb.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_8c225bc560faa67e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_definition_updates_d3c2d4757cf0b9a3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_definition_updates_default_44e57bb5c1e3d0e8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_clean_store_2869cfb5407c50f8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_cae2264614449191.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wfp_1409fc168e700932.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_temp_783673b09e921b6b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportqueue_9ca35f30fc68b178.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportarchive_5449504010b82c41.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_templates_15e72976404301fc.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_fde55420546edfe6.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_d672ba09d81e87ff.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_system_tools_fde5decba5bb578b.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_startup_b13751030220a596.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_administrative_tools_50eba26877c48094.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_accessories_bb30590aa3d31891.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_accessibility_1152534229f98ea5.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_retaildemo_235295a6167f1c31.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_retaildemo_offlinecontent_287c1f66975af721.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_retaildemo_offlinecontent_packages_bfcdebcc9ac9ef74.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_retaildemo_offlinecontent_microsoft_53a3137a3de96b65.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_retaildemo_offlinecontent_microsoft_content_e8db5309f86131b4.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_retaildemo_offlinecontent_microsoft_content_neutral_fb28470e79dbd425.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_parental_controls_bea881b14dc7da94.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_parental_controls_settings_8a26e500c57de871.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_packagedeventproviders_c79719361ec06661.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_onesettings_d58936a49a7f4b26.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_gameexplorer_eb83b477ca9834cc.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_devicemetadatastore_2e1ff34936d2e8e5.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_devicemetadatastore_en-us_cc94fe8746890b55.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_debc96072b71b0d5.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_install_149a5029c4c64782.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_import_865699c21a2ad5a2.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_genuineticket_d7322dcf4073011e.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_archive_f622c70ff2ada08b.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_apprepository_3e49394d38e6ac94.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_apprepository_packages_711aa2dd7039ca9d.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_apprepository_families_5e2e105f8c5e974e.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_vault_72f09c1eedd2d856.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_user_account_pictures_eceaafe818cb6141.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_storage_health_9e678c58bd8432a1.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_speech_onecore_587c58cfbeda0062.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_spectrum_1dcb4f178cfd5701.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_smsrouter_de9db7c47456f048.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_provisioning_929be8282aecbf17.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_provisioning_assetcache_8fbe865af4949dd7.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_provisioning_assetcache_cellularux_843105bb528cd98c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_network_downloader_7fafaef6d33e4371.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_network_connections_2e5c3accd04dd407.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_mapdata_ce9aee460ee372ae.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_siufloc_1bf9debdc7c4c9b2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_devicesync_d6b7928aa153816d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_device_stage_task_07deb856-fc6e-4fb9-8add-d8f2cf8722c9__0ce7c057892d5774.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_device_stage_device_8702d817-5aad-4674-9ef3-4d3decd87120__8740ea4a07ab72cd.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_pcpksp_windowsaik_cb9775b914a8e5a2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_appv_setup_c6b9e738c86ef84a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_photo_viewer_a7a2292bcc87c94b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_nt_75867948982b5de9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_nt_tabletextservice_7af8121010a6df81.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_media_player_e9607c93dd43c2ea.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_media_player_visualizations_93a092c4c2e55b5f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_media_player_network_sharing_f29a3dd721834a7e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_media_player_media_renderer_750773e49fdbfa5b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_media_player_icons_b0582fd1fc3de13a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_mail_fc7b184dbf576a4a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_defender_2ba1d62d9bcc00c8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_defender_en-us_7bf99e1315297778.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_internet_explorer_cafab575245eacb0.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_dfa3680ec228c528.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_681b9383b994c86d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_ole_db_17fcdbc86fee8f8b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_msadc_607f0693c9effa29.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_ado_32a3d3ab7409acd3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_635c287ec97ec0a5.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_vgx_9d0cc8bc56d58860.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_msinfo_4536eb45a5f97101.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_ink_9d0caff456d5ade1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_ink_hwrcustomization_3663d5717756d7ef.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_filters_5826607a09b24880.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_8909e9aceeb80d44.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_mutablebackup_726f6fa1fbd23cbc.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_mutable_4773d03dc650afca.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_deleted_382e0caddd5f5e75.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_security_365dbe6b6f2d7a36.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_security_browsercore_c5418f66c0b6af1b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_security_browsercore_en-us_16858cc50c9b45db.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_photo_viewer_6eb173d8debcda9a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_nt_6101456faac5015c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_nt_tabletextservice_9475b2de2d92bc74.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_nt_accessories_156d2b9b22040474.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_media_player_visualizations_e380711fc66b5d12.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_media_player_network_sharing_aed05552f451fd7d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_media_player_media_renderer_5001a1a5de706f6e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_media_player_icons_94ff7ddc3fca431d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_096829c909d5eb56.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_en-us_a6e2e55771ed49c8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_classification_47699381a5289670.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_classification_configuration_e1d4288a0384bffc.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_3e33901162166ae9.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_offline_072b9e24a7f3689a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_en-us_a607fb510b9fff95.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_modifiablewindowsapps_230f2b3b95f10a16.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_b13078daf1286f60.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_ole_db_48d1b11cd4e5cabe.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_msadc_48cda3763ecb3874.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_ado_149a784bc852a2c0.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_vgx_3c86fd9f0b3afd9b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_textconv_dfb016a4185c8725.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_msinfo_817ad0c7c1c8e490.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_zh-tw_b1fdeb1bde31194e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_uk-ua_a87d6ae9ec71d9eb.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_sr-latn-rs_c779adb6e1df7f69.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_sk-sk_a4b08eb1f225243d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_pt-br_9efd33e9fab22d4b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_nl-nl_9b303a720065a2b3.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_languagemodel_ccceb944834c6c97.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_hwrcustomization_198fbcb0f379ad82.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_hu-hu_8fc97ca8117fc04f.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_he-il_8fc96dd2117fd4e1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_92b215ec670a7f35.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_symbols_4eaf815d64e8ecbc.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskpred_4ada71c56aba89ef.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_osknumpad_ee37ed195958108b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_osknav_bb31da33c2376c77.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskmenu_4ada925d6aba5911.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskclearui_efb22b63342a179d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_main_992db4c6307e339e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_keypad_bb29f287c24d4a93.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_insert_bb25e7d5c2685e4a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_auxpad_bb15ebb5c2b76782.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fi-fi_8bfc785c1733457b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_da-dk_882f8e141ce6a40d.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_cs-cz_8649306c1fc0326e.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_bg-bg_84629670229a1823.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_ar-sa_827c11e62573e02c.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$recycle.bin.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\micaut.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\mip.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\mraut.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\wab32.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\wab32res.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\ado\msado15.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\ado\msadomd.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\ado\msadox.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\msadc\msadce.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\msadc\msadco.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\msadc\msadds.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\msadc\msdaprst.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\msadc\msdarem.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\msadc\msdfmap.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\Ole DB\msdaps.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\Ole DB\oledb32.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Internet Explorer\iexplore.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\AMMonitoringProvider.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpAsDesc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MpProvider.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MsMpCom.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\MsMpRes.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\shellext.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncPS.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseMirror.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseNdr.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseSC.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\mce.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\MpGear.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\SenseCE.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\en-US\MsSense.exe.mui Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Mail\wabimp.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\mpvis.DLL Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\setup_wm.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\wmlaunch.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\WMPMediaSharing.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\wmpnetwk.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\wmpnssci.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\wmprph.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows NT\Accessories\wordpad.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows NT\Accessories\WordpadFilter.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows NT\TableTextService\TableTextService.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Photo Viewer\PhotoAcq.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Photo Viewer\PhotoViewer.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Security\BrowserCore\en-US\BrowserCore.exe.mui Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\wab32.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\wab32res.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\ado\msado15.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\ado\msadomd.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\ado\msadox.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\ado\msjro.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\msadc\msadce.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\msadc\msadco.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\msadc\msadds.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\msadc\msdaprst.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\msadc\msdarem.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Defender\MpAsDesc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Mail\wabimp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Media Player\mpvis.DLL Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Media Player\setup_wm.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Media Player\wmlaunch.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Media Player\wmpnssci.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Media Player\wmprph.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\bfsvc.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\explorer.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\HelpPane.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\regedit.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\splwow64.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\AcRes.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\drvmain.sdb Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\frxmain.sdb Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\msimain.sdb Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\sysmain.sdb Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\en-US\AcRes.dll.mui Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\bcastdvr\KnownGameList.bin Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\EFI\en-US\efisys.bin Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\EFI\en-US\efisys_noprompt.bin Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\qps-ploc\bootmgr.exe.mui Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Branding\Basebrd\basebrd.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Branding\Basebrd\en-US\basebrd.dll.mui Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Bluetooth\BluetoothDiagnosticUtil.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\PCW\DiagPackage.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\DiagTrack\GetFileActionAllowedList.dat Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\en-US\explorer.exe.mui Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\Inkfree.ttf Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\ICU\metaZones.res Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\ICU\timezoneTypes.res Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\ICU\windowsZones.res Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\ICU\zoneinfo64.res Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\timezoneMapping.xml Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\timezones.xml Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\tzautoupdate.dat Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\IME\SPTIP.DLL Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\appxblockmap.xml Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\appxmanifest.xml Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\appxsignature.p7x Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\SystemSettings.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\Telemetry.Common.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\en-US\SystemSettings.exe.mui Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\Settings\AllSystemSettings_{253E530E-387D-4BC2-959D-E6F86122E5F2}.xml Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\apps.inf Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\printupg.inf Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\DataCollection.admx Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\DeviceInstallation.admx Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\Feeds.admx Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\inetres.admx Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\Kerberos.admx Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\MDM.admx Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\MicrosoftEdge.admx Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\Multitasking.admx Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\Passport.admx Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\Printing.admx Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\Printing2.admx Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\Taskbar.admx Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\WindowsDefender.admx Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\WindowsUpdate.admx Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\DataCollection.adml Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\DeviceInstallation.adml Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\Feeds.adml Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\InetRes.adml Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\Kerberos.adml Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\MDM.adml Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\MicrosoftEdge.adml Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\Multitasking.adml Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\Passport.adml Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\Printing.adml Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\Taskbar.adml Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\WindowsDefender.adml Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\WindowsUpdate.adml Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PrintDialog\appxblockmap.xml Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PrintDialog\appxmanifest.xml Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PrintDialog\appxsignature.p7x Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PrintDialog\PrintDialog.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Microsoft-Desktop-Provisioning.dat Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Cosa\Microsoft\Microsoft.Windows.Cosa.Desktop.Client.ppkg Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Control.ppkg Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.CPU.ppkg Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Display.ppkg Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.MBB.ppkg Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.StandbyActivation.ppkg Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Storage.ppkg Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Telemetry.ppkg Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Wifi.ppkg Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Battery.ppkg Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Button.ppkg Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Control.ppkg Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Disk.ppkg Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Display.ppkg Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Graphics.ppkg Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.IdleResiliency.ppkg Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.PCIExpress.ppkg Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Processor.ppkg Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Sleep.ppkg Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\servicing\CbsMsg.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\servicing\TrustedInstaller.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\servicing\Editions\EditionMatrix.xml Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\servicing\en-US\CbsMsg.dll.mui Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellComponents\TaskFlowUI.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellComponents\WindowsInternal.ComposableShell.Experiences.DragDrop.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellComponents\WindowsInternal.ComposableShell.Experiences.Switcher.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\JumpViewUI.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\NetworkUX.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\PeopleCommonControls.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\PeoplePane.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\QuickActions.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\6bea57fb-8dfb-4177-9ae8-42e8b3529933_RuntimeDeviceInstall.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadauthhelper.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadcloudap.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadjcsp.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadtb.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadWamExtension.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AarSvc.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AboutSettingsHandlers.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AboveLockAppHost.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\accessibilitycpl.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\accountaccessor.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AccountsRt.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AcGenral.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AcLayers.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\acmigration.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ACPBackgroundManagerPolicy.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\acppage.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActionCenter.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActivationClient.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActivationManager.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\activeds.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\activeds.tlb Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActiveSyncCsp.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActiveSyncProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\actxprxy.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AcWinRT.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AcXtrnal.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AdaptiveCards.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adhsvc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AdmTmpl.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adprovider.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adrclient.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adsldp.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adsldpc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adtschema.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AdvancedEmojiDS.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\advapi32.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aeinv.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aepic.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\agentactivationruntime.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\agentactivationruntimestarter.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\agentactivationruntimewindows.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aitstatic.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\alg.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\amsi.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\amsiproxy.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\amstream.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Analog.Shell.Broker.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\apds.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\APHostClient.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\APHostService.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\apisampling.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\APMon.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppContracts.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppExtension.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\apphelp.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Apphlpdm.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppHostRegistrationVerifier.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidapi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidcertstorecheck.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidpolicyconverter.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppIdPolicyEngineApi.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidsvc.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidtel.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appinfo.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appinfoext.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppInstallerPrompt.Desktop.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplicationFrame.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplicationFrameHost.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppLockerCSP.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplySettingsTemplateCatalog.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplyTrustOffline.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppManagementConfiguration.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appmgmts.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appmgr.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppointmentActivation.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppointmentApis.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppReadiness.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppResolver.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApproveChildRequest.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVCatalog.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVClientPS.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVDllSurrogate.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntStreamingManager.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntSubsystemController.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntSubsystems64.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntVirtualization.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appvetwclientres.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appvetwstreamingux.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVFileSystemMetadata.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVIntegration.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVManifest.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVNice.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVOrchestration.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVPolicy.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVPublishing.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVReporting.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVScripting.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVSentinel.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVShNotify.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVStreamingUX.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVStreamMap.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVTerminator.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appwiz.cpl Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxAllUserStore.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXApplicabilityBlob.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxApplicabilityEngine.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentClient.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentExtensions.desktop.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentExtensions.onecore.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentServer.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxPackaging.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxSip.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxSysprep.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AssignedAccessCsp.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AssignedAccessGuard.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AssignedAccessManager.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\assignedaccessmanagersvc.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AssignedAccessRuntime.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AssignedAccessShellProxy.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AtBroker.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atl.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atlthunk.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atmlib.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audiodg.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioEndpointBuilder.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioEng.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioHandlers.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AUDIOKSE.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audioresourceregistrar.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioSes.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audiosrv.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioSrvPolicyManager.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\auditpol.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\auditpolcore.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AuditPolicyGPInterop.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AuthBroker.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AuthBrokerUI.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\authentication.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AuthExt.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\authfwcfg.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AuthHost.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\authui.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\authz.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\autoconv.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\autofmt.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\autopilot.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\autopilotdiag.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\autotimesvc.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\avrt.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AxInstSv.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AxInstUI.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\azroles.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\azroleui.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AzureSettingSyncProvider.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BackgroundMediaPolicy.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\backgroundTaskHost.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BackgroundTransferHost.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BarcodeProvisioningPlugin.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BcastDVRBroker.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BcastDVRClient.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BcastDVRCommon.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcastdvruserservice.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcdboot.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcdedit.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BCP47Langs.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BCP47mrm.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcrypt.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcryptprimitives.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bdechangepin.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bdesvc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bdeui.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BdeUISrv.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bdeunlock.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bidispl.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bindfltapi.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BingASDS.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BingFilterDS.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BingMaps.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BioCredProv.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BioIso.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bisrv.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BitLockerCsp.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BitLockerDeviceEncryption.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BitLockerWizard.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BitLockerWizardElev.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\biwinrt.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BluetoothApis.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BluetoothDesktopHandlers.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bnmanager.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BootMenuUX.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BrokerLib.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\browserbroker.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BrowserSettingSync.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BTAGService.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BthAvctpSvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BthAvrcp.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BthAvrcpAppSvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BthpanContextHandler.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BthRadioMedia.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\btpanui.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BWContextHandler.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ByteCodeGenerator.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\C_G18030.DLL Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\c_GSM7.DLL Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\C_IS2022.DLL Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cabinet.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CallButtons.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CallHistoryClient.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CameraCaptureUI.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CameraSettingsUIHost.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CapabilityAccessHandlers.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CapabilityAccessManager.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CapabilityAccessManagerClient.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\capauthz.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\capiprovider.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CaptureService.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CastingShellExt.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CastLaunch.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CastSrv.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\catsrv.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\catsrvut.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CBDHSvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdosys.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdp.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdprt.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdpsvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdpusersvc.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cellulardatacapabilityhandler.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cemapi.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certca.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certcli.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certenc.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CertEnroll.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CertEnrollCtrl.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certmgr.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CertPKICmdlet.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CertPolEng.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certprop.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certreq.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cewmdm.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cfgbkend.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cfgmgr32.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CfgSPCellular.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CfgSPPolicy.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cflapi.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cfmifs.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakra.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakradiag.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakrathunk.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChatApis.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CheckNetIsolation.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChsStrokeDS.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChtAdvancedDS.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChtBopomofoDS.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChtCangjieDS.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChtHkStrokeDS.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChtQuickDS.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChxAPDS.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChxDecoder.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ChxHAPDS.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\chxinputrouter.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\chxranker.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cic.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CIDiag.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cimfs.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CIWmi.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\clbcatq.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cldapi.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cleanmgr.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ClipboardServer.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Clipc.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ClipSVC.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ClipUp.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\clipwinrt.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cloudAP.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudDomainJoinAUG.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudDomainJoinDataModelServer.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHost.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHostBroker.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHostBroker.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHostCommon.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHostUser.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudNotifications.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\clusapi.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmd.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmdext.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmdial32.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmifw.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmintegrator.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cngprovider.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cnvfat.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\colbact.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\coloradapterclient.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\COLORCNV.DLL Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\colorui.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\combase.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comctl32.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comdlg32.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\coml2.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTelRunner.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ComposerFramework.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompPkgSrv.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompPkgSup.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\compstui.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\computecore.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\computestorage.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comrepl.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comsnap.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comsvcs.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comuid.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\configmanager2.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ConfigureExpandedStorage.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\conhost.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\connect.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ConnectedAccountState.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\consent.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ConsentExperienceCommon.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ConsentUX.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ConsentUxClient.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\console.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ConsoleLogon.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ConstraintIndex.Search.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ContactActivation.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ContactApis.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\container.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\containerdevicemanagement.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ContentDeliveryManager.Utilities.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\convertvhd.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\coredpus.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\coredpussvr.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\coreglobconfig.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreMas.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreMessaging.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreShell.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreShellAPI.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreShellExtFramework.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreUIComponents.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\correngine.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CourtesyEngine.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CPFilters.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredDialogBroker.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredentialEnrollmentManager.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredentialEnrollmentManagerForUser.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredentialUIBroker.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredProv2faHelper.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredProvDataModel.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredProvHelper.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credprovhost.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credprovs.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credprovslegacy.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credui.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\crypt32.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptbase.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptcatsvc.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptdll.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptext.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptnet.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptngc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CryptoWinRT.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptsp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptui.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptuiwizard.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscdll.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CscMig.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscobj.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscript.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscsvc.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CspCellularSettings.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CspProxy.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CSystemEventsBrokerClient.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cttunesvr.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CustomInstallExec.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CustomShellHost.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cxcredprov.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CXHProvisioningServer.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d2d1.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d10warp.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d11.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d11on12.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3D12.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3D12Core.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d8thk.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d9.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d9on12.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3DCompiler_47.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3DSCache.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dab.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dabapi.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DAConn.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dafBth.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DafDnsSd.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DafGip.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DAFIPP.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DAFMCP.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dafpos.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DafPrintProvider.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dafupnp.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dafWCN.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DAFWSD.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DAMediaManager.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DAMM.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\das.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataExchange.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataExchangeHost.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataStoreCacheDumpTool.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataUsageHandlers.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataUsageLiveTileTask.exe Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\davclnt.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\davhlpr.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DavSyncProvider.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\daxexec.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dbgcore.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dbghelp.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dbnetlib.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dciman32.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dcntel.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dcomp.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DdcAntiTheftApi.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DDDS.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ddisplay.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ddpchunk.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DefaultPrinterProvider.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Defrag.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\defragproxy.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\defragres.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\defragsvc.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\deploymentcsps.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\desktopimgdownldr.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DesktopShellAppStateContract.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DesktopShellExt.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DesktopSwitcherDataModel.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DesktopView.Internal.Broker.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevDispItemProvider.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeveloperOptionsSettingsHandlers.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devenum.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\deviceaccess.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceCensus.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceCenter.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceCredentialDeployment.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceDirectoryClient.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceDisplayStatusManager.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceDriverRetrievalClient.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceElementSource.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceEnroller.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceFlows.DataModel.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceMetadataRetrievalClient.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devicengccredprov.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevicePairing.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevicePairingExperienceMEM.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevicePairingFolder.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceReactivation.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceSetupManager.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceSetupManagerAPI.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceSetupStatusProvider.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevicesFlowBroker.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceSoftwareInstallationClient.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceUpdateAgent.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceUpdateCenterCsp.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devinv.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devmgr.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devobj.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevPropMgr.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devrtl.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dfrgui.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DfsShlEx.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dggpext.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcore.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcore6.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcsvc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcsvc6.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DHolographicDisplay.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagnosticdataquery.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagnosticInvoker.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagnosticLogCSP.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagperf.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dialclient.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DialogBlockerProc.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DialogBlockingManager.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DialogBlockingService.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dialserver.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DictationManager.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dimsroam.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\directmanipulation.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\directml.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\directxdatabaseupdater.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\discan.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diskpart.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diskperf.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiskSnapshot.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DismApi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DispBroker.Desktop.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DispBroker.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dispex.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Display.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DisplayManager.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DisplaySwitch.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\djoin.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dllhost.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dlnashext.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DMAlertListener.ProxyStub.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DmApiSetExtImplDesktop.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DMAppsRes.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmcertinst.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmclient.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmcmnutils.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmenrollengine.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmenterprisediagnostics.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmiso8601utils.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DmNotificationBroker.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmocx.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmpushproxy.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DMPushRouterCore.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DMRCDecoder.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DMRServer.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmxmlhelputils.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnsapi.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnscacheugc.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnshc.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnsrslvr.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Docking.VirtualInput.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DolbyDecMFT.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\domgmt.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dosettings.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dosvc.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3api.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dot3Conn.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3dlg.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3gpui.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3hc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3mm.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3msm.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3svc.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dpapi.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dpapiprovider.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dpapisrv.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DragDropExperienceCommon.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DragDropExperienceDataExchangeDelegated.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drprov.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuthTxt.wim Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drvinst.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drvsetup.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drvstore.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsparse.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsreg.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsregcmd.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsregtask.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsrole.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dssenh.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dsui.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dtsh.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DTUHandler.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DTUHandlerPS.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DuCsps.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DucUpdateAgent.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dui70.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\duser.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dusmapi.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwm.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmapi.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmcore.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmghost.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmredir.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmscene.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DWrite.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DWWIN.EXE Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DXCore.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxdiagn.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxgi.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxgiadaptercache.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dxpserver.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxtmsft.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxtrans.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EAMProgressHandler.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapp3hst.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappcfg.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappcfgui.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappgnui.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapphost.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappprxy.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapprovp.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapputil.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapsimextdesktop.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EapTeapAuth.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EapTeapConfig.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\easconsent.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EaseOfAccessDialog.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EASPolicyManagerBrokerHost.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\easwrt.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EdgeContent.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgehtml.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgeIso.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EdgeManager.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EditBufferTestHook.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EditionUpgradeHelper.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EditionUpgradeManagerObj.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EDPCleanup.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edpcsp.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edpnotify.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edptask.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edputil.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eeprov.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\efscore.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\efsext.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\efslsaext.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\efswrt.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EhStorAPI.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EhStorShell.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ELSCore.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EmailApis.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\embeddedmodesvc.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\embeddedmodesvcapi.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EmojiDS.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\energy.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\energytask.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enrollmentapi.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseAPNCsp.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseAppMgmtClient.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseAppMgmtSvc.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enterprisecsps.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseModernAppMgmtCSP.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EoAExperiences.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ErrorDetails.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\esent.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eShims.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EthernetMediaManager.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EventAggregation.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eventcls.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\evr.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ExecModelClient.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\execmodelproxy.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ExplorerFrame.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ExSMime.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\facecredentialprovider.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Facilitator.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Family.Authentication.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Family.Cache.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Family.Client.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Family.SyncEngine.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Faultrep.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FaxPrinterInstaller.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fcon.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FdDevQuery.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fde.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fdPnp.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fdSSDP.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fdWCN.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fdWNet.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fdWSD.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ffbroker.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhcat.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhcfg.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhcleanup.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhengine.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhevents.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhlisten.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhmanagew.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhsettingsprovider.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhshl.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhsrchapi.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhsrchph.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhsvc.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhsvcctl.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhtask.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fidocredprov.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FileAppxStreamingDataSource.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FileHistory.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\filemgmt.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FilterDS.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\findnetprinters.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fingerprintcredential.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FirewallAPI.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FirewallControlPanel.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FlightSettings.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fltLib.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fltMC.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FluencyDS.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FntCache.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontdrvhost.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FontGlyphAnimator.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontsub.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fphc.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\framedynos.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FrameServer.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FrameServerClient.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FsIso.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FsNVSDeviceSource.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fsutilext.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveapi.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveapibase.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fvecpl.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveskybackup.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveui.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fvewiz.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fwbase.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fwcfg.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fwmdmcsp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fwpolicyiomgr.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FwRemoteSvr.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSAPI.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSCOM.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSCOMEX.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSCOMPOSE.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSCOMPOSERES.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSCOVER.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSEVENT.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSMON.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSRESM.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSROUTE.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSSVC.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXST30.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSTIFF.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSUNATD.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSUTILITY.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GameBarPresenceWriter.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GameBarPresenceWriter.proxy.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GameChatTranscription.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GameInput.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GamePanel.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gameux.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gamingtcui.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gdi32.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gdi32full.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GdiPlus.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\generaltel.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Geocommon.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Geolocation.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\glmf32.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\globinputhost.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\glu32.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gmsaclient.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpapi.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpedit.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpresult.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpscript.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpscript.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpsvc.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpupdate.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GraphicsCapture.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GraphicsPerfSvc.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Groupinghc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HashtagDS.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HdcpHandler.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HeatCore.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HelpPaneProxy.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hgcpl.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hhctrl.ocx Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hid.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hlink.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hnetcfg.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HNetCfgClient.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HologramCompositor.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HologramWorld.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HolographicExtensions.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HolographicRuntimes.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HoloShellRuntime.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HoloSHExtensions.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HoloSI.PCShell.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HrtfApo.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\httpapi.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\httpprxm.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HttpsDataSource.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvax64.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvix64.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvloader.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvsievaluator.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvsigpext.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HvsiManagementApi.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HvSocket.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Hydrogen.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iasacct.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iasads.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iasdatastore.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iashlpr.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IasMigPlugin.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iasnap.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iaspolcy.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iasrad.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iasrecst.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iassam.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iassdo.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iassvcs.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icfupgd.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icm32.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IcsEntitlementHost.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icsvc.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icsvcext.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icu.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icuin.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icuuc.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IdCtrls.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IdListen.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IDStore.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ie4uinit.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieapfltr.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iedkcs32.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieframe.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iemigplugin.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iepeers.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieproxy.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iertutil.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IESettingSync.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieui.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ifsutil.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\igdDiag.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IHDS.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imagehlp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imapi.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imapi2.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imapi2fs.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imgutil.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imm32.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\immersivetpmvscmgrsvr.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ImplatSetup.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IndexedDbLegacy.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\inetcomm.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\inetcpl.cpl Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\inetpp.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\inetppui.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\INETRES.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InkEd.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InkObjCore.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\input.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputCloudStore.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputController.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputHost.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputInjectionBroker.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputLocaleManager.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputService.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputSwitch.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputSwitchToastHandler.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InstallService.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InstallServiceTasks.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\internetmail.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InternetMailCsp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\intl.cpl Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\invagent.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IoTAssignedAccessLockFramework.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IPHLPAPI.DLL Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ipnathlp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iprtprio.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iprtrmgr.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ipsecsnp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IPSECSVC.DLL Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ipsmsnap.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iri.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ISM.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\isoburn.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\itircl.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\JavaScriptCollectionAgent.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\joinutil.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\JpMapControl.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jpndecoder.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jpninputrouter.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jpnranker.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\JpnServiceDS.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript9.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript9diag.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jsproxy.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kbd101.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kbd106.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kbd106n.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KBDJPN.DLL Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KBDUS.DLL Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kdhvcom.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kdnet.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kdstub.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kerberos.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kernel.appcore.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kernel32.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KernelBase.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KeyboardFilterCore.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KeyboardFilterManager.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KeyboardFilterShim.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KeyboardFilterSvc.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KeyCredMgr.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KeywordDetectorMsftSidAdapter.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\klist.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KnobsCore.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KnobsCsp.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ksproxy.ax Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ktmw32.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\L2SecHC.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LanguageComponentsInstallerComHandler.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LanguageOverlayServer.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LanguageOverlayUtil.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LanguagePackDiskCleanup.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LaunchTM.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LaunchWinApp.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LegacyNetUX.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LegacySystemSettings.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\libcrypto.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicenseManager.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicenseManagerApi.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicenseManagerShellext.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicenseManagerSvc.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicensingCSP.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\licensingdiag.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicensingDiagSpp.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicensingUI.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicensingWinRT.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\linkinfo.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ListSvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lltdsvc.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\localspl.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\localui.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationApi.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFramework.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFrameworkInternalPS.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFrameworkPS.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationWinPalMisc.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockAppBroker.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockAppHost.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockController.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockHostingFramework.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockScreenContent.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockScreenContentHost.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockScreenContentServer.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockScreenData.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\logagent.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\logman.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\logoncli.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LogonController.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lpasvc.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lpk.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lpkinstall.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lpksetup.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lsm.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\luainstall.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Magnify.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ManageCI.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapConfiguration.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapGeocoder.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapRouter.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapsBtSvc.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapsCSP.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapsStore.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mavinject.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApi.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApiPublic.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MBMediaManager.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MBR2GPT.EXE Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mbsmsapi.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mbussdapi.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MCCSEngineShared.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MCRecvSrc.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MDEServer.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MDMAgent.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MDMAppInstaller.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MdmCommon.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MdmDiagnostics.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MdmDiagnosticsTool.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmlocalmanagement.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmmigrator.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmpostprocessevaluator.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmregistration.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MediaFoundation.DefaultPerceptionProvider.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MessagingDataModel2.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MessagingService.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mf.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mf3216.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfasfsrcsnk.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfaudiocnv.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfc42.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfc42u.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFCaptureEngine.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfcore.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfds.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfh264enc.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFMediaEngine.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfmkvsrcsnk.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfmp4srcsnk.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfmpeg2srcsnk.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfnetcore.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfnetsrc.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfplat.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFPlay.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfps.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfreadwrite.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsensorgroup.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsrcsnk.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsvr.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfvdsp.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mgmtrefreshcredprov.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mi.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft-Windows-Internal-Shell-NearShareExperience.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\microsoft-windows-system-events.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Bluetooth.Proxy.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Bluetooth.Service.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Bluetooth.UserService.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.AppAgent.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.CommonBridge.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.ConfigWrapper.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.CscUnpinTool.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.ModernAppAgent.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.Office2010CustomActions.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.Office2013CustomActions.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.PrinterCustomActions.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MicrosoftAccountExtension.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MicrosoftAccountTokenProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MicrosoftAccountWAMExtension.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\midimap.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migisol.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MiracastInputMgr.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MiracastReceiver.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MiracastReceiverExt.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mispace.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MitigationClient.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MitigationConfiguration.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\miutils.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MixedReality.Broker.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MixedRealityCapture.Pipeline.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MixedRealityRuntime.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mlang.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmc.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmcndmgr.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmcshext.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MMDevAPI.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmgaclient.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmgaserver.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmsys.cpl Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mobilenetworking.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\modernexecserver.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MosHostClient.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\moshostcore.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MoUsoCoreWorker.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MP43DECD.DLL Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MPG4DECD.DLL Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mpr.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mprddm.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mprdim.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MPSSVC.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MrmCoreR.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MrmIndexer.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ms3dthumbnailprovider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msaatext.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msacm32.drv Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSAlacDecoder.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSAlacEncoder.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msasn1.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSAudDecMFT.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msaudite.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mscms.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msconfig.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msctf.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MsCtfMonitor.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msctfp.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msctfuimanager.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msdtcuiu.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msfeeds.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSFlacDecoder.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSFlacEncoder.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msftedit.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MsftOemDllIgneous.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSHEIF.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtml.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtml.tlb Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtmled.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msimg32.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msimsg.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msinfo32.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msisip.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msIso.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mskeyprotect.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msls31.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msmpeg2vdec.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msobjs.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msoert2.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSOpusDecoder.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mspaint.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSPhotography.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msra.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msrahc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MsraLegacy.tlb Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSRAWImage.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msrdc.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MsRdpWebAccess.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msscntrs.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssitlb.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MsSpellCheckingFacility.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MsSpellCheckingHost.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssph.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssprxy.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssrch.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssvp.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msTextPrediction.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mstsc.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mstscax.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msutb.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msv1_0.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvcp110_win.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvcp_win.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvcrt.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSVidCtl.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSVideoDSP.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSVP9DEC.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvproc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSVPXENC.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSWB7.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSWebp.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mswmdm.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mswsock.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml3.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml3r.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml6.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml6r.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MtcModel.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MTFAppServiceDS.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MtfDecoder.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MTFFuzzyDS.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MTFServer.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MTFSpellcheckDS.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MuiUnattend.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\musdialoghandlers.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotification.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotificationUx.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotifyIcon.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusUpdateHandlers.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mycomput.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mydocs.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NapiNSP.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Narrator.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NaturalAuth.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\navshutdown.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncobjapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncpa.cpl Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncrypt.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncryptprov.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncryptsslp.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncsi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ndadmin.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ndfapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ndfetw.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ndfhcdiscovery.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ndishc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\net1.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netapi32.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netbtugc.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netcfgx.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netcorehc.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netdiagfx.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetDriverInstall.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netid.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netlogon.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netman.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netplwiz.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netprofm.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netprofmsvc.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupApi.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupEngine.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupShim.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupSvc.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netshell.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nettrace.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netutils.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkBindingEngineMigPlugin.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkCollectionAgent.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkDesktopSettings.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\networkhelper.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkMobileSettings.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkQoSPolicyCSP.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkStatus.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkUXBroker.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\newdev.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\newdev.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NFCProvisioningPlugin.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NfcRadioMedia.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngccredprov.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcCtnr.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcCtnrGidsHandler.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcCtnrSvc.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcIsoCtnr.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngckeyenum.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngclocal.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngcpopkeysrv.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcProCsp.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngcrecovery.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngcsvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngctasks.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ninput.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlaapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlahc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlasvc.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlmgp.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlmproxy.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlmsprep.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nltest.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NmaDirect.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\normaliz.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\notepad.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NotificationController.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NotificationControllerPS.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\notificationplatformcomponent.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\npmproxy.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NPSM.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NPSMDesktopProvider.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nshhttp.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nshipsec.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nshwfp.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntasn1.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntdsapi.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntlanman.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntmarta.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntprint.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntprint.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntshrui.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OcpUpdateAgent.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ocsetapi.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\odbcconf.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oemlicense.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ofdeploy.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\officecsp.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\offlinesam.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\offreg.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ole32.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleacc.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleacchooks.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleaut32.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oledlg.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleprn.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OmaDmAgent.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\omadmapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\omadmclient.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\omadmprc.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OnDemandBrokerClient.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OnDemandConnRouteHelper.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneBackupHandler.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneCoreCommonProxyStub.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneCoreUAPCommonProxyStub.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneDriveSettingSyncProvider.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneSettingsClient.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\onex.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpcServices.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\opengl32.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpenWith.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\P2P.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pacjsworker.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\packager.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PackageStateChangeHandler.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PackageStateRoaming.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PasswordEnrollmentManager.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PasswordOnWakeSettingFlyout.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PayloadRestrictions.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcacli.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcadm.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcaevts.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcalua.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcasvc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcaui.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcaui.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PCPKsp.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PCShellCommonProxyStub.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcwrun.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcwutl.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pdh.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDist.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistAD.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistCacheProvider.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistCleaner.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistHttpTrans.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistSh.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistSvc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistWSDDiscoProv.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeopleAPIs.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeopleBand.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionDevice.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionSimulationExtensions.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionSimulationManager.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfctrs.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfdisk.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfnet.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfos.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfproc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfts.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PersonalizationCSP.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\phoneactivate.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneCallHistoryApis.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneOm.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhonePlatformAbstraction.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneProviders.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneService.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneServiceRes.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Phoneutil.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhotoMetadataHandler.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhotoScreensaver.scr Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PickerHost.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PickerPlatform.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PimIndexMaintenance.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PimIndexMaintenanceClient.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Pimstore.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PinEnrollmentBroker.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PinEnrollmentHelper.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pkeyhelper.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PktMon.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PktMonApi.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pku2u.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\playlistfolder.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlaySndSrv.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlayToDevice.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlayToManager.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\playtomenu.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlayToReceiver.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlayToStatusProvider.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ploptin.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pngfilt.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnidui.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnpclean.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnppolicy.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PnPUnattend.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnputil.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PNPXAssoc.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Pnrphc.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnrpnsp.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnrpsvc.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\policymanager.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\policymanagerprecheck.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\polstore.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceApi.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceClassExtension.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceConnectApi.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceStatus.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceSyncProvider.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceTypes.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PortableDeviceWiaCompat.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\POSyncServices.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\powrprof.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\prevhost.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\printfilterpipelineprxy.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\printfilterpipelinesvc.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintIsolationHost.exe Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintIsolationProxy.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintPlatformConfig.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintRenderAPIHost.DLL Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\printui.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\printui.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintWorkflowService.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintWSDAHost.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\prnntfy.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\prntvpt.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ProductEnumerator.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profapi.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profext.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profsvc.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profsvcext.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\propsys.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provcore.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provdatastore.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provdiagnostics.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provengine.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provhandlers.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provisioningcsp.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ProvisioningHandlers.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provmigrate.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provops.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provplatformdesktop.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ProvPluginEng.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ProvSysprep.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provtool.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ProximityCommonPal.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ProximityUxHost.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\psapi.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\psisdecd.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PsmServiceExtHost.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\psmsrv.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\psr.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\puiapi.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\puiobj.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PushToInstall.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pwlauncher.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pwsso.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\qdvd.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\qedit.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\qmgr.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\quartz.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\QuickActionsDataModel.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\quickassist.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\QuietHours.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\racpldlg.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RADCUI.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasapi32.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\raschap.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\raschapext.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rascustom.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasdlg.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\raserver.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasgcw.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasman.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasmans.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RasMediaManager.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RASMM.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasplap.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rastapi.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rastls.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rastlsext.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdbui.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpbase.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpclip.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpcore.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpcorets.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpencom.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpendp.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpinit.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpnano.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RdpRelayTransport.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpserverbase.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpsharercom.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpshell.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpsign.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpudd.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpviewerax.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDSAppXHelper.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdsdwmdr.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdsxvmaudio.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdvvmtransport.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDXService.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDXTaskFactory.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ReAgent.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ReAgentc.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\recdisc.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RecoveryDrive.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\refsutil.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\regapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RegCtrl.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\relog.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RemoteAppLifetimeManager.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\remoteaudioendpoint.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\remotepg.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RemovableMediaProvisioningPlugin.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RemoveDeviceContextHandler.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rendezvousSession.tlb Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\reseteng.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResetEngine.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResetEngine.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResetEngOnline.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResourceMapper.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResourcePolicyClient.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResourcePolicyServer.dll Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\resutils.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RjvMDMConfig.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RMapi.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rmclient.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RMSRoamingSecurity.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rmttpmvscmgrsvr.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RoamingSecurity.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Robocopy.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RotMgr.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RpcEpMap.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rpcrt4.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rpcss.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rrinstaller.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rsaenh.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rstrui.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rtm.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RTMediaFrame.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rtutils.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RTWorkQ.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RuleBasedDS.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rundll32.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\runexehelper.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\runonce.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RuntimeBroker.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\samcli.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\samlib.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\samsrv.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SCardBi.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SCardDlg.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SCardSvr.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ScDeviceEnum.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\scesrv.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schannel.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schedsvc.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schtasks.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\scripto.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ScriptRunner.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\scrobj.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\scrptadm.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\scrrun.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdbinst.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdchange.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdclt.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SDDS.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdengin2.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdohlp.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdrsvc.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdshext.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Search.ProtocolHandler.MAPI2.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchFilterHost.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchFolder.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchIndexer.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchProtocolHost.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SebBackgroundManagerPolicy.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecConfig.efi Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sechost.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\secur32.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecureAssessmentHandlers.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityCenterBroker.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthAgent.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthHost.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthProxyStub.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthService.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthSSO.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SEMgrSvc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sendmail.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorDataService.exe Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorsApi.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorsClassExtension.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorsUtilsV2.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\services.exe Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SessEnv.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sessionmsg.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SetNetworkLocation.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SetNetworkLocationFlyout.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SetProxyCredential.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingMonitor.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsEnvironment.Desktop.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsExtensibilityHandlers.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Accessibility.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_AnalogShell.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_AppControl.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_AppExecutionAlias.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_AssignedAccess.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Authentication.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_BackgroundApps.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_BatteryUsage.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_BrowserDeclutter.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_CapabilityAccess.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Clipboard.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_ClosedCaptioning.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_ContentDeliveryManager.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Cortana.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Devices.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Display.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Flights.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Fonts.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_ForceSync.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Gaming.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Geolocation.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Gpu.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_IME.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_InkingTypingPrivacy.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_InputPersonalization.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Language.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_ManagePhone.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Maps.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Mouse.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Notifications.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_nt.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_OneCore_BatterySaver.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_OneCore_PowerAndSleep.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_OneDriveBackup.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_OptionalFeatures.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_PCDisplay.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Pen.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_QuickActions.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Region.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_SharedExperiences_Rome.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_SIUF.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_SpeechPrivacy.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Startup.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_StorageSense.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Troubleshoot.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_User.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_UserAccount.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_UserExperience.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_WorkAccess.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingSync.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingSyncCore.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingSyncHost.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupapi.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupcl.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupcln.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupugc.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sfc.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sfc_os.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SgrmBroker.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SgrmEnclave.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SgrmEnclave_secure.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SgrmLpac.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shacct.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SharedPCCSP.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SharedRealitySvc.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ShareHost.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SHCore.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shdocvw.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shell32.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ShellCommonCommonProxyStub.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shimeng.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shlwapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shsetup.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shutdownux.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shwebsvc.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\signdrv.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SIHClient.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sihost.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\slc.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\slui.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmartCardBackgroundPolicy.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmartcardCredentialProvider.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmartCardSimulator.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smartscreen.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smartscreenps.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SMBHelperClass.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smbwmiv2.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmiEngine.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smphost.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmsRouterSvc.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SndVol.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SndVolSSO.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SnippingTool.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\socialapis.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spacebridge.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spaceman.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpatialAudioLicenseSrv.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpatializerApo.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpatialStore.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spbcd.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Spectrum.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpeechPal.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spfileq.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spinf.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spoolss.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spoolsv.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spopk.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppc.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppcext.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppcomapi.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SppExtComObj.Exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppnp.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppobjs.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppsvc.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppwinob.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spwizeng.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spwizres.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srchadmin.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srcore.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SRH.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srhelper.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srmclient.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srmscan.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srmshell.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srmstormod.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srpapi.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srumapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srumsvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srvcli.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srvsvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sscore.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ssdm.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ssdpapi.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ssdpsrv.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StartTileData.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StateRepository.Core.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\stclient.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\stobject.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StorageContextHandler.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StorageUsage.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\storagewmi.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\storewuauth.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StorSvc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StringFeedbackEngine.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StructuredQuery.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sud.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SvBannerBackground.png Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\svchost.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SwitcherDataModel.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\swprv.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sxs.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sxstrace.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncAppvPublishingServer.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncController.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncHost.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncInfrastructure.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncProxy.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncSettings.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\syncutil.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sysmain.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SysResetErr.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemEventsBrokerClient.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemEventsBrokerServer.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\systemreset.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.DataModel.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.DeviceEncryptionHandlers.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.Handlers.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.SettingsExtensibility.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.UserAccountsHandlers.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsAdminFlows.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsBroker.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsRemoveDevice.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsThresholdAdminFlowUI.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSupportInfo.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemUWPLauncher.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TabbtnEx.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TabSvc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tapi3.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tapilua.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TapiMigPlugin.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TaskApis.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskbarcpl.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskcomp.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TaskFlowDataEngine.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskhostw.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Taskmgr.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskschd.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TaskSchdPS.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tbauth.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tbs.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tdc.ocx Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tdh.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TDLMigration.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TelephonyInteractiveUser.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tellib.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TempSignedLicenseExchangeTask.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\termmgr.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\termsrv.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringclient.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringconfigsp.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TetheringMgr.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringservice.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TextInputFramework.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TextInputMethodFormatter.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TextShaping.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\themeui.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ThirdPartyNoticesBySHS.txt Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\threadpoolwinrt.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\thumbcache.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ThumbnailExtractionHost.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tier2punctuations.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TieringEngineService.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TileDataRepository.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TimeBrokerClient.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TimeBrokerServer.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\timedate.cpl Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tokenbinding.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TokenBroker.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TokenBrokerCookies.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TpmCertResources.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TpmCoreProvisioning.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TpmTasks.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TpmTool.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tpmvsc.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tpmvscmgrsvr.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tquery.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tracerpt.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TransliterationRanker.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TransportDSA.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\trie.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TrustedSignalCredProv.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tscfgwmi.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TSErrRedir.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tsf3gip.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tsgqec.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tsmf.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tspubwmi.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TSSessionUX.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TSTheme.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TSWbPrxy.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TSWorkspace.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TtlsExt.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tttracer.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tvratings.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twext.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinapi.appcore.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.appcore.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.pcshell.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\typeperf.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tzautoupdate.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tzres.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ubpm.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ucmhc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ucrtbase.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ucrtbase_enclave.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\udhisapi.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uDWM.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uexfat.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ufat.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UiaManager.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIAnimation.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIAutomationCore.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uicom.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ulib.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\umb.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\umpdc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\umpnpmgr.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\umpo.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\umpoext.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\umrdp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Unistore.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\untfs.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UpdateAgent.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\updatecsp.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UpdateDeploymentProvider.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\updatepolicy.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\upnp.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\upnpcont.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\upnphost.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\upshared.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uReFS.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\urlmon.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:16 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usbmon.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UsbSettingsHandlers.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UsbTask.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\user32.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserAccountBroker.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\useractivitybroker.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usercpl.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDataAccountApis.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDataPlatformHelperUtil.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDataService.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDataTimeUtil.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDeviceRegistration.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDeviceRegistration.Ngc.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\userenv.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserLanguageProfileCallback.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usermgr.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usermgrcli.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserMgrProxy.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usoapi.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UsoClient.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usocoreworker.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usosvc.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usp10.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UtcDecoderHost.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\utcutil.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Utilman.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uudf.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UvcModel.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uwfcfgmgmt.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uwfcsp.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uxlib.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uxtheme.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vac.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VAN.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VaultCDS.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vaultcli.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VaultRoaming.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vaultsvc.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VBICodec.ax Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vbsapi.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vbscript.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vbssysprep.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VCardParser.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vds.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vds_ps.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vdsbas.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vdsdyn.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vdsldr.exe Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vdsutil.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vdsvd.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\version.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vertdll.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vfuprov.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vid.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VideoHandlers.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VIDRESZR.DLL Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\virtdisk.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VirtualMonitorManager.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmdevicehost.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmrdvcore.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VocabRoamingHandler.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VoiceActivationManager.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VoipRT.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vpnike.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VPNv2CSP.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vssapi.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vsstrace.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VSSVC.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\w32time.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\w32topl.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSAssessment.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicAgent.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicCapsule.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicPS.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicSvc.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WalletService.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wavemsp.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbadmin.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbemcomn.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbengine.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbiosrvc.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wc_storage.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wci.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcimage.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmapi.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmcsp.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmsvc.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WcnApi.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcncsvc.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WcnNetsh.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcnwiz.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wdscore.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webauthn.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WebcamUi.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webio.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webplatstorageserver.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WebRuntimeManager.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webservices.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Websocket.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wecapi.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wecsvc.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wecutil.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wer.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werconcpl.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wercplsupport.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werdiagcontroller.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WerEnc.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\weretw.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WerFault.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WerFaultSecure.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wermgr.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wersvc.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werui.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wevtapi.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wevtsvc.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wevtutil.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wfapigp.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wfdprov.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WFDSConMgrSvc.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WfHC.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WFS.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WFSR.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiaacmgr.exe Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiaaut.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiadefui.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiascanprofiles.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiashext.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WiFiCloudStore.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WiFiConfigSP.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifidatacapabilityhandler.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifinetworkmanager.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifitask.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wimgapi.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wimserv.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32appinventorycsp.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Win32CompatibilityAppraiserCSP.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32k.sys Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kbase.sys Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kfull.sys Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32spl.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32u.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winbio.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioDataModel.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioDataModelOOBE.exe Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winbrand.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wincorlib.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wincredprovider.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowManagement.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowManagementAPI.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.AccountsControl.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.AI.MachineLearning.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.AI.MachineLearning.Preview.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Background.SystemEventsBroker.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Background.TimeBroker.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.ConversationalAgent.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.applicationmodel.conversationalagent.internal.proxystub.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.applicationmodel.conversationalagent.proxystub.dll Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Core.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.applicationmodel.datatransfer.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.Preview.DOSettings.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Wallet.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.CloudStore.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.CloudStore.Schema.DesktopShell.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.CloudStore.Schema.Shell.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Cortana.Desktop.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Cortana.OneCore.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Data.Activities.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Data.Pdf.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.AllJoyn.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Background.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Bluetooth.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Custom.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Enumeration.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Haptics.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.HumanInterfaceDevice.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Lights.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.LowLevel.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Midi.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Perception.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Picker.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.PointOfService.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Portable.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Printers.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Printers.Extensions.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Radios.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Scanners.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Sensors.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.SerialCommunication.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.SmartCards.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.SmartCards.Phone.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Usb.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.WiFi.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.WiFiDirect.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Energy.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.FileExplorer.Common.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Gaming.Input.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Gaming.Preview.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Gaming.UI.GameBar.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Gaming.XboxLive.Storage.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Globalization.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Globalization.Fontgroups.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Globalization.PhoneNumberFormatting.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Display.BrightnessOverride.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Display.DisplayEnhancementOverride.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.3D.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.Workflow.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.AdaptiveCards.XamlCardRenderer.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Bluetooth.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.CapturePicker.Desktop.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.CapturePicker.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Devices.Sensors.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Feedback.Analog.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Graphics.Display.DisplayColorManagement.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Management.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Management.SecureAssessment.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.PlatformExtension.DevicePickerExperience.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.PlatformExtension.MiracastBannerExperience.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.PredictionUnit.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.SecurityMitigationsBroker.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Shell.Broker.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.internal.shellcommon.AccountsControlExperience.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.internal.shellcommon.AppResolverModal.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.ShellCommon.Broker.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.internal.shellcommon.FilePickerExperienceMEM.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.ShellCommon.PrintExperience.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.internal.shellcommon.shareexperience.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.internal.shellcommon.TokenBrokerModal.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Signals.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.System.UserProfile.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Taskbar.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.UI.Shell.WindowTabManager.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.InprocObjects.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.Provisioning.ProxyStub.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.SecureAssessment.CfgProvider.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.Service.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.Workplace.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.Workplace.WorkplaceSettings.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Audio.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.BackgroundMediaPlayback.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Devices.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Editing.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.FaceAnalysis.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Import.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.MediaControl.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.MixedRealityCapture.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Ocr.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Playback.BackgroundMediaPlayer.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Playback.MediaPlayer.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Protection.PlayReady.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Renewal.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Speech.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Speech.UXRes.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Streaming.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Mirage.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Mirage.Internal.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Connectivity.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.HostName.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.NetworkOperators.ESim.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Proximity.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.ServiceDiscovery.Dnssd.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Sockets.PushEnabledApplication.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.UX.EapRequestHandler.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Vpn.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Payments.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Perception.Stub.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Authentication.Identity.Provider.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Credentials.UI.CredentialPicker.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Credentials.UI.UserConsentVerifier.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Integrity.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Services.TargetedContent.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.SharedPC.AccountManager.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.SharedPC.CredentialProvider.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Shell.BlueLightReduction.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepository.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryBroker.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryClient.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryCore.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryPS.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryUpgrade.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Storage.ApplicationData.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Storage.Compression.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.storage.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Storage.OneCore.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Storage.Search.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Diagnostics.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Diagnostics.TraceReporting.PlatformDiagnosticActions.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Launcher.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Profile.HardwareId.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Profile.RetailInfo.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Profile.SystemId.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Profile.SystemManufacturers.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.RemoteDesktop.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.SystemManagement.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.UserDeviceAssociation.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.UserProfile.DiagnosticsSettings.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Accessibility.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.AppDefaults.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.BioFeedback.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.BlockedShutdown.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Core.TextInput.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Cred.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.CredDialogController.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.FileExplorer.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Immersive.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Input.Inking.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Internal.Input.ExpressiveInput.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Logon.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.NetworkUXController.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.PicturePassword.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Search.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Shell.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Shell.Internal.AdaptiveCards.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Storage.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.Controls.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.InkControls.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.Maps.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.Phone.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.Resources.Common.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.XamlHost.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Web.Diagnostics.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Web.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Web.Http.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsActionDialog.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsCodecs.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsCodecsExt.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsCodecsRaw.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsInternal.ComposableShell.ComposerFramework.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsIoTCsp.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windowslivelogin.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsManagementServiceWinRt.ProxyStub.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windowsperformancerecordercontrol.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windowsudk.shellcommon.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winethc.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinFax.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winhttp.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winhttpcom.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinHvEmulation.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininet.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininit.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininitext.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winipsec.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Winlangdb.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winlogon.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winmde.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winmm.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMsoIrmProtector.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinOpcIrmProtector.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinREAgent.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winrnr.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winrscmd.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinRTNetMUAHostServer.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinRtTracing.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinSATAPI.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinSCard.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinSetupUI.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winshfhc.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winsku.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winsockhc.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winspool.drv Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winsta.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wintrust.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinTypes.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WiredNetworkCSP.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wisp.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wkscli.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wkspbroker.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wkspbrokerAx.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wksprt.exe Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wkssvc.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanapi.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlancfg.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WLanConn.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlandlg.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlangpui.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WLanHC.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanhlp.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WlanMediaManager.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WlanMM.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanmsm.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanpref.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WlanRadioManager.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlansec.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlansvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlansvcpal.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanui.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Wldap32.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wldp.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlgpclnt.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidcli.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidcredprov.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidfdp.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidprov.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlrmdr.exe Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMADMOD.DLL Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMADMOE.DLL Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmdmlog.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmiclnt.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmicmiplugin.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmidcom.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmidx.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMNetMgr.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmp.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMPDMC.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmpdxm.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmpeffects.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMPhoto.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmpshell.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmsgapi.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMSPDMOE.DLL Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMVCORE.DLL Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMVDECOD.DLL Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmvdspa.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMVXENCD.DLL Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WordBreakers.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WorkFolders.exe Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WorkfoldersControl.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WorkFoldersShell.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\workfolderssvc.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wosc.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wow64.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wow64cpu.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wow64win.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wowreg32.exe Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpAXHolder.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Wpc.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcApi.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcDesktopMonSvc.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcMon.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcRefreshTask.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcTok.exe Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcWebFilter.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpd_ci.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpdbusenum.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpdshext.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WPDShServiceObj.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WPDSp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnapps.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnclient.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpncore.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnpinst.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnprv.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnservice.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpnUserService.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpr.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WPTaskScheduler.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpx.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ws2_32.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wscadminui.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wscapi.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wscinterop.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wscisvif.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSCollect.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wscproxystub.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wscript.exe Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wscsvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wscui.cpl Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSDApi.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSDPrintProxy.DLL Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSDScanProxy.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsecedit.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshbth.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshcon.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshext.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshhyperv.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wship6.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshom.ocx Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSHTCPIP.DLL Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsl.exe Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wslapi.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmAgent.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSManHTTPConfig.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSManMigrationPlugin.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmAuto.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsmplpxy.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsmprovhost.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmRes.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmSvc.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmWmiPl.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsp_fs.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsp_health.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsqmcons.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSReset.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wtsapi32.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuapi.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuauclt.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuaueng.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuceffects.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WUDFx.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WUDFx02000.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wudriver.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wups.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wups2.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wusa.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuuhext.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuuhosdeployment.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wvc.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WwaApi.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WwaExt.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WWAHost.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WWanAPI.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwanconn.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WWanHC.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwanmm.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Wwanpref.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwanprotdim.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WwanRadioManager.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwansvc.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwapi.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XamlTileRender.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XAudio2_9.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XblAuthManager.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XblAuthManagerProxy.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XblAuthTokenBrokerExt.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XblGameSave.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XboxGipRadioManager.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xboxgipsvc.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XboxNetApiSvc.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XInput1_4.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XInputUap.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xmlfilter.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xmllite.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xmlprovi.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XpsDocumentTargetPrint.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XpsPrint.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xpsservices.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xwizards.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xwreg.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xwtpdui.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xwtpw32.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zipfldr.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AdvancedInstallers\cmiv2.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\appraiser.sdb Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\Appraiser_Data.ini Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\Appraiser_TelemetryRunList.xml Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppV\AppVStreamingUX.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ar-SA\comctl32.dll.mui Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ar-SA\comdlg32.dll.mui Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ar-SA\msimsg.dll.mui Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ar-SA\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ar-SA\windows.ui.xaml.dll.mui Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bg-BG\comdlg32.dll.mui Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bg-BG\msimsg.dll.mui Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winload.efi Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winload.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Com\comadmin.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cs-CZ\msimsg.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\da-DK\comdlg32.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\da-DK\msimsg.dll.mui Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\da-DK\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DDFs\NGCProDDF_v1.2_final.xml Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\de-DE\comdlg32.dll.mui Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\de-DE\msimsg.dll.mui Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\de-DE\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.Packaging.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Proxy.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Runtime.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\KernelTraceControl.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\AppxProvider.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\AssocProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\CbsProvider.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\DismCore.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\DismHost.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\DismProv.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\DmiProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\FfuProvider.dll Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\FolderProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\GenericProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\IBSProvider.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ImagingProvider.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\IntlProvider.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\LogProvider.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\MsiProvider.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\OfflineSetupProvider.dll Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\OSProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ProvProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\SetupPlatformProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\SmiProvider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\SysprepProvider.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\TransmogProvider.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\UnattendProvider.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\VhdProvider.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\WimProvider.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\afunix.sys Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\agilevpn.sys Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\appid.sys Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\applockerfltr.sys Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\bindflt.sys Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\CEA.sys Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\cimfs.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\Classpnp.sys Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\cldflt.sys Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ClipSp.sys Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\cmimcext.sys Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\condrv.sys Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\csc.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\http.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\hvservice.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\hvsocket.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\IndirectKmd.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ipfltdrv.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\kbldfltr.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\KNetPwrDepBroker.sys Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\MbbCx.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mmcss.sys Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\msgpioclx.sys Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\msquic.sys Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\NdisImPlatform.sys Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\NetAdapterCx.sys Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\nwifi.sys Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\PEAuth.sys Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\PktMon.sys Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rassstp.sys Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rdpdr.sys Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rdpvideominiport.sys Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\scfilter.sys Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\srv2.sys Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\srvnet.sys Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\tbs.sys Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UcmCx.sys Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UcmUcsiCx.sys Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ufx01000.sys Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\vwififlt.sys Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wcifs.sys Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wcnfs.sys Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\WdiWiFi.sys Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wimmount.sys Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\afd.sys.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\bthenum.sys.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\bthport.sys.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\BTHUSB.SYS.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\nwifi.sys.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\PktMon.sys.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\tcpip.sys.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\IddCx.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\SensorsCx.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\UcmCx.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\en-US\dc1-controller.inf_loc Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\en-US\sdbus.inf_loc Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\en-US\storufs.inf_loc Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\en-US\wnetvsc.inf_loc Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\en-US\xinputhid.inf_loc Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\el-GR\msimsg.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\el-GR\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-GB\msimsg.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-GB\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\aadcloudap.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\aadWamExtension.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\adtschema.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\appraiser.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\AppReadiness.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\AppXDeploymentServer.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\assignedaccessguard.exe.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\assignedaccessmanager.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\assignedaccessmanagersvc.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\autochk.exe.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\autoconv.exe.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\Autofmt.exe.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\autopilotdiag.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\bootux.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\combase.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\CryptNgc.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\CustomInstallExec.exe.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\diagtrack.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\DialogBlockingService.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\DMAppsRes.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\dmenterprisediagnostics.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\dmpushroutercore.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\dsreg.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\dsregcmd.exe.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\dsregtask.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\DucUpdateAgent.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\dxgkrnl.sys.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\fcon.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\FirewallAPI.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\fveapi.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\FXSRESM.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\gpresult.exe.mui Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ieframe.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\imapi2fs.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\kernel32.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\KernelBase.dll.mui Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\KeyboardFilterSvc.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\localspl.dll.mui Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\microsoft-windows-system-events.dll.mui Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\mispace.dll.mui Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\mpssvc.dll.mui Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\msacm32.drv.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\msaudite.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\msobjs.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\MusNotificationUx.exe.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\MusNotifyIcon.exe.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\MusUpdateHandlers.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\NaturalAuth.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ntdll.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ntprint.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ntprint.exe.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\OcpUpdateAgent.dll.mui Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ole32.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\OneSettingsClient.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\PktMon.exe.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\refsutil.exe.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\samsrv.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\SecurityHealthAgent.dll.mui Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ShareHost.dll.mui Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\shell32.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\smbwmiv2.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\smphost.dll.mui Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\spwizres.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\srpapi.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\taskbarcpl.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\Taskmgr.exe.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\TsUsbGDCoInstaller.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\tzres.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ulib.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\umrdp.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\UpdatePolicy.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\UserDeviceRegistration.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\UserDeviceRegistration.Ngc.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\utcutil.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\Windows.Management.Service.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\Windows.System.Launcher.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\winlogon.exe.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\winspool.drv.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wlancfg.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wlansvc.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wpd_ci.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ws2_32.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wsl.exe.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wslapi.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\comdlg32.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\msimsg.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-ES\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-MX\comdlg32.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-MX\msimsg.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-MX\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\et-EE\msimsg.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\et-EE\windows.ui.xaml.dll.mui Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\DiagnosticsHub.ScriptedSandboxPlugin.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\DiagnosticsHub_is.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\DiagnosticsTap.dll Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12App.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12AppFrame.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12AppFrame2.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12Platform.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12Platform2.dll Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12Tab.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\IEChooser.exe Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\MemoryAnalyzer.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\perf_nt.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\perfcore.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\Timeline.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\Timeline_is.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fi-FI\msimsg.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fi-FI\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-CA\comctl32.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-CA\comdlg32.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-CA\msimsg.dll.mui Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-CA\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\comctl32.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\comdlg32.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\msimsg.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fr-FR\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\he-IL\msimsg.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\he-IL\windows.ui.xaml.dll.mui Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hr-HR\comdlg32.dll.mui Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hr-HR\msimsg.dll.mui Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hu-HU\comdlg32.dll.mui Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hu-HU\msimsg.dll.mui Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPAPI.DLL Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPCMLD.DLL Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\imjpcus.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPDAPI.DLL Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPLMP.DLL Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPPRED.DLL Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPRANKER.DLL Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPTIP.DLL Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\imjpuexc.exe Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\imjputyc.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEKR\imkrapi.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEKR\imkrudt.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEKR\DICTS\imkrhjd.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMETC\IMTCCFG.DLL Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMETC\IMTCCORE.DLL Handle ID: 0x108 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\ImeBroker.exe Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\imecfmui.exe Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMEFILES.DLL Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMESEARCH.EXE Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMESEARCHDLL.DLL Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMETIP.DLL Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMJKAPI.DLL Handle ID: 0x108 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\MSCAND20.DLL Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsAdvancedDS.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsEM.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsIME.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsLexiconUpdateDS.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsPinyinDS.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsProxyDS.dll Handle ID: 0x108 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsRoaming.DLL Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsWubiDS.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ServiceDS.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHT\ChtChangjieDS.DLL Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHT\ChtIME.exe Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHT\ChtQuickDS.DLL Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\JPN\Windows.Globalization.JapanesePhoneme.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\SHARED\ChxAdvancedDS.DLL Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\SHARED\ChxEM.DLL Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\SHARED\ChxUserDictDS.DLL Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\SHARED\ImeSystrayMenu.dll Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\SHARED\JpnKorRoaming.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\it-IT\comdlg32.dll.mui Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\it-IT\msimsg.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\it-IT\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\it-IT\windows.ui.xaml.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ja-jp\msimsg.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ja-jp\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\ti_cnn_en-US.table Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\ti_cnn_ja-JP.table Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\ti_cnn_zh-CN.table Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\ti_dnn_fast-fr-FR.table Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\ti_dnn_fast_de-DE.table Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\ti_dnn_fast_es-ES.table Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\ti_dnn_fast_it-IT.table Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\ti_dnn_fast_pt-BR.table Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1031.bin Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1033.bin Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1034.bin Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1036.bin Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1040.bin Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1041.bin Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1046.bin Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}16393.bin Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}2052.bin Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}2057.bin Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}2058.bin Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}3081.bin Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}3084.bin Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}4105.bin Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ko-KR\msimsg.dll.mui Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ko-KR\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lt-LT\comctl32.dll.mui Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lt-LT\msimsg.dll.mui Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lt-LT\windows.ui.xaml.dll.mui Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lv-LV\msimsg.dll.mui Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lv-LV\windows.ui.xaml.dll.mui Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\APMonPortMig.dll Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\AppManMigrationPlugin.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\AppxUpgradeMigrationPlugin.dll Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\audmigplugin.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\bthmigplugin.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\ClipMigPlugin.dll Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\CntrtextMig.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\commig.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\dafmigplugin.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\hwvidmigplugin.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\MapsMigPlugin.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\modemmigplugin.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\msctfmig.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\NgcLocalAccountMigPlugin.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\pnpmig.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\scmdmigplugin.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\ServiceModelRegMigPlugin.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\sppmig.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\SxsMigPlugin.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\TileStoreMigrationPlugin.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\UsbPortMig.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WininetPlugin.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WMIMigrationPlugin.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WpcMigration.Uplevel.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WSearchMigPlugin.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WsUpgrade.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\cmi2migxml.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\csiagent.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migcore.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\mighost.exe Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migres.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migstore.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\MXEAgent.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-ActiveDirectory-WebServices-DL\adwsmigrate.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config\BthMigPlugin.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL\commig.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\adammigrate.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice\mqmigplugin.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TapiSetup\TapiMigPlugin.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\chxmig.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imjpmig.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imkrmig.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\msctfmig.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\TableTextServiceMig.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-WMI-Core\WMIMigrationPlugin.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\capi2_certs-repl.man Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\edpnotify-replacement.man Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\fveapi-replacement.man Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\hwvid-migration-2\hwvidmigplugin.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\microsoft-activedirectory-webservices\adwsmigrate.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\microsoft-windows-audio-mmecore-other\audmigplugin.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-COM-ComPlus-Setup\commig.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-DirectoryServices-ADAM-Client\adammigrate.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\microsoft-windows-iis-rm\iismig.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-Mup\MupMigPlugin.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-OfflineFiles-Core\CscMig.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-RasApi-Mig\pbkmigr.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-RasServer-MigPlugin\RasMigPlugin.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-AppServer-Licensing\tsmigplugin.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer\TlsRepPlugin.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-TextServicesFramework-Migration\msctfmig.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\WindowsSearchEngine\WSearchMigPlugin.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nb-NO\comdlg32.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nb-NO\msimsg.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nb-NO\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nl-NL\comctl32.dll.mui Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nl-NL\comdlg32.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nl-NL\msimsg.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nl-NL\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\audit.exe Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\AuditShD.exe Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\cmisetup.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\diagER.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\diagnostic.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobe.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobedui.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobeFirstLogonAnim.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobeplugins.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobewirelessplugin.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\oobecoreadapters.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\oobeldr.exe Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\pnpibs.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\Setup.exe Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\SetupCleanupTask.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\spprgrss.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\unbcl.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\UserOOBE.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\UserOOBEBroker.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\W32UIImg.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\W32UIRes.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\wdsutil.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\win32ui.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\windeploy.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\WinLGDep.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\winsetup.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpenSSH\scp.exe Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpenSSH\sftp.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpenSSH\ssh-add.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpenSSH\ssh-agent.exe Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpenSSH\ssh-keygen.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpenSSH\ssh-keyscan.exe Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpenSSH\ssh.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationInput.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionSimulation\VirtualCameraManager.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pl-PL\msimsg.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pl-PL\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pl-PL\windows.ui.xaml.dll.mui Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PointOfService\ProtocolProviders\BarcodeScannerProtocolProvider.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PointOfService\ProtocolProviders\CashDrawerProtocolProvider.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PointOfService\ProtocolProviders\PrinterProtocolProvider.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pt-BR\comctl32.dll.mui Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pt-BR\msimsg.dll.mui Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pt-BR\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pt-BR\windows.ui.xaml.dll.mui Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pt-PT\comdlg32.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pt-PT\msimsg.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pt-PT\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ro-RO\msimsg.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ro-RO\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\comctl32.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msimsg.dll.mui Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setup\cmmigr.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setup\FXSOCM.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setup\msdtcstp.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setup\pbkmigr.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setup\RasMigPlugin.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sk-SK\msimsg.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sk-SK\windows.ui.xaml.dll.mui Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sl-SI\comdlg32.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sl-SI\msimsg.dll.mui Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sl-SI\windows.ui.xaml.dll.mui Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Common\sapi.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Engines\SR\spsreng.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Engines\SR\spsrx.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Engines\SR\srloc.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Engines\TTS\MSTTSEngine.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Engines\TTS\MSTTSLoc.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\SpeechUX.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\SPTIP.DLL Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\privacy-icon.png Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\sapi_extensions.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:17 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\sapi_onecore.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\SpeechBrokeredApi.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\SpeechModelDownload.exe Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\SpeechServiceWinRTApi.ProxyStub.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\toast-hero-image.png Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\Windows.Speech.Dictation.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\Windows.Speech.Pal.Desktop.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\Windows.Speech.Shell.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\Engines\SR\spsreng_onecore.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\Engines\SR\spsrx_onecore.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\Engines\TTS\MSTTSEngine_OneCore.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\Engines\TTS\MSTTSLoc_OneCore.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spool\prtprocs\x64\winprint.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spool\tools\PrintBrmEngine.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\plugin-manifests-signed\sppwinob-spp-plugin-manifest-signed.xrm-ms Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\pkeyconfig\pkeyconfig-downlevel.xrm-ms Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\DefaultPpd-csvlk-pack-ppdlic.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\DefaultPpd-Education-ppdlic.xrm-ms Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-ppdlic.xrm-ms Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\DefaultPpd-Enterprise-ppdlic.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-ppdlic.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\DefaultPpd-IoTEnterprise-ppdlic.xrm-ms Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-ppdlic.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\DefaultPpd-Professional-ppdlic.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-ppdlic.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalCountrySpecific\DefaultPpd-ProfessionalCountrySpecific-ppdlic.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalCountrySpecific\ProfessionalCountrySpecific-ppdlic.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\DefaultPpd-ProfessionalEducation-ppdlic.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-ppdlic.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalSingleLanguage\DefaultPpd-ProfessionalSingleLanguage-ppdlic.xrm-ms Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalSingleLanguage\ProfessionalSingleLanguage-ppdlic.xrm-ms Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\DefaultPpd-ProfessionalWorkstation-ppdlic.xrm-ms Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-ppdlic.xrm-ms Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\DefaultPpd-ServerRdsh-ppdlic.xrm-ms Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-NONSLP-1-pl.xrm-ms Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-NONSLP-1-ul-oob.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-NONSLP-1-ul-phn.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-NONSLP-1-ul-store.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-SLP-1-ul-oob.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-SLP-1-ul.xrm-ms Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-ppdlic.xrm-ms Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Retail-1-pl.xrm-ms Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Retail-1-ul-oob.xrm-ms Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Retail-1-ul-phn.xrm-ms Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Retail-1-ul-store.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-GVLK-2-ul-oob.xrm-ms Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-GVLK-2-ul.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-MAK-1-pl.xrm-ms Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-MAK-1-ul-oob.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-MAK-1-ul-phn.xrm-ms Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-MAK-1-ul-store.xrm-ms Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sr-Latn-RS\comctl32.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sr-Latn-RS\comdlg32.dll.mui Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sr-Latn-RS\msimsg.dll.mui Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sr-Latn-RS\windows.ui.xaml.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sv-SE\msimsg.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sv-SE\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Sysprep\sysprep.exe Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemResetPlatform\RjvClassicApp.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemResetPlatform\SystemResetSSO.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\th-TH\msimsg.dll.mui Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\th-TH\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tr-TR\comctl32.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tr-TR\comdlg32.dll.mui Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\comctl32.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\comdlg32.dll.mui Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\msimsg.dll.mui Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UNP\UNPUX.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UNP\UNPUXHost.exe Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UNP\UNPUXLauncher.exe Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UNP\UpdateNotificationHelpers.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UNP\UpdateNotificationMgr.exe Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\cimwin32.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv.mof Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv1.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv1.mof Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv1_Uninstall.mof Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv_Uninstall.mof Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\dsprov.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\EmbeddedLockdownWmi.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\esscli.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\fastprox.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\KrnlProv.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\MDMSettingsProv.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\Microsoft.Uev.AgentWmi.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\mofcomp.exe Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\mofd.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\mofinstall.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\msiprov.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\NCProv.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ndisimplatcim.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\NetPeerDistCim.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\netswitchteamcim.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ntevt.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\PrintManagementProvider.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\repdrvfs.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\schedprov.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ServDeps.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\smbwmiv2.mof Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\unsecapp.exe Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\viewprov.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemcntl.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemcore.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemprox.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemsvc.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wfascim.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\Win32_EncryptableVolume.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\Win32_Tpm.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WinMgmt.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WinMgmtR.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WMIADAP.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiApRes.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiApRpl.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiApSrv.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WMICOOKR.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiDcPrv.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wmiprov.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiPrvSD.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiPrvSE.exe Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WMIsvc.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wmiutils.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\en-US\wfascim.dll.mui Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceBootstrapAdapter.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\HelloFace.cat Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\HelloFace.inf Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceDetectorResources.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceProcessor.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceProcessorCore.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionEngineAdapter.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionEngineAdapterResources_v4.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionEngineAdapterResourcesCore.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionEngineAdapterResourcesSecure.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionSensorAdapter.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionSensorAdapterResources.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionSensorAdapterVsm.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionSensorAdapterVsmSecure.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceTrackerInternal.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\HelloFace.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppvClientComConsumer.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetSecurity\Microsoft.Windows.Firewall.Commands.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ProcessMitigations\Microsoft.ProcessMitigations.Commands.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ProcessMitigations\Microsoft.ProcessMitigations.Commands.dll-Help.xml Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ProcessMitigations\Microsoft.ProcessMitigations.Commands.ps1xml Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ProcessMitigations\ProcessMitigations.psd1 Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Provisioning\provpackageapi.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbComponent.cdxml Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1 Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\StartLayout\StartLayout.psd1 Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.AI.winmd Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Data.winmd Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Devices.winmd Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Foundation.winmd Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Gaming.winmd Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Globalization.winmd Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Graphics.winmd Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Management.winmd Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Media.winmd Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Networking.winmd Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Perception.winmd Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Security.winmd Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Services.winmd Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Storage.winmd Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.System.winmd Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.UI.winmd Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.UI.Xaml.winmd Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Web.winmd Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zh-CN\comctl32.dll.mui Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zh-CN\msimsg.dll.mui Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zh-CN\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zh-CN\windows.ui.xaml.dll.mui Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zh-TW\fms.dll.mui Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zh-TW\msimsg.dll.mui Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zh-TW\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AAD.Core.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AAD.Core.winmd Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.winmd Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentUI.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\resources.pri Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\resources.pri Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\resources.pri Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Win32WebViewHost.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\appxmanifest.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\App.xbf Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.winmd Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\iotassignedaccesslockframework.winmd Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\MainPage.xbf Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\resources.pri Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellApp.exe Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellAppPresenters.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\resources.pri Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\WindowsInternal.Shell.Experiences.Calling.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\WindowsInternal.Shell.Experiences.CallingShellAppControls.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AntiTheft.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\ApplicationTheme.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudDomainJoin.DataModel.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\cloudexperiencehostapi.provisioning.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostAPI.SyncSettings.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostAPI.winmd Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.Account.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.Cortana.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.Hello.winmd Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.LocalNgc.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.RetailDemo.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.SyncEngine.winmd Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\ContentManagement.winmd Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\enterprisedevicemanagement.enrollment.winmd Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\enterprisedevicemanagement.service.winmd Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Family.Cache.winmd Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\microsoft.resourceaccountmanager.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.Extension.winmd Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.TokenProvider.Core.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.TokenProvider.Core.winmd Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.UserOperations.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\moderndeployment.autopilot.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\resources.pri Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RetailDemo.Internal.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\SystemSettings.DataModel.winmd Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\UnifiedEnrollment.DataModel.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\userdeviceregistration.ngc.winmd Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\js\oobe-chrome-footer-vm.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\js\appLaunchers\ScoobeAccountState.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\oobeSections.json Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\prod\navigation-scoobe.json Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\prod\navigation.json Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\prod\uriRules.json Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\appManager.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\autoPilot.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\bridge.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\environment.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\events.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\navigator.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\navmesh.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\nointernetpage.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\syncengine.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\tokenProviderManager.js Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\pris\resources.en-US.pri Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilotwhiteglovelanding-page.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilotwhiteglovelanding-vm.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilotwhitegloveresult-page.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeautopilotactivation-page.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeautopilotreboot-page.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeautopilotupdate-page.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeautopilotupdate-vm.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeenterpriseprovisioning-page.js Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeprovisioningprogress-page.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeprovisioningprogress-vm.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeprovisioningstatus-page.js Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeprovisioningstatus-vm.js Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\accountsetupcategoryviewmodel.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\autopilotespprogress-page.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\autopilotespprogress-vm.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\bootstrapsessiongeneralutilities.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\bootstrapstatuscategoryview.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\bootstrapstatussubcategoryviewmodel.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\devicepreparationcategoryviewmodel.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\devicesetupcategoryviewmodel.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\mdmbootstrapsessionutilities.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveSspr\js\ssprerror-page.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveSspr\js\ssprerror-vm.js Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\FileExplorer.exe Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\resources.pri Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\FilePicker.exe Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\resources.pri Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\BingConfigurationClient.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Cortana.Internal.Search.winmd Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Cortana.Search.winmd Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\DefaultSettings.xml Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\resources.pri Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Search.Core.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApi.CppWinrt.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApi.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApi.ProxyStub.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\pris\resources.en-US.pri Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\resources.pri Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIAppShell.winmd Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll Handle ID: 0xc8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.winmd Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.winmd Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.winmd Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris\resources.en-US.pri Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\ActivationErrorDialog.xbf Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AddressBoxControl.xbf Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\App.xbf Handle ID: 0x8c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AssessmentPage.xbf Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\ErrorPage.xbf Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\InformationalAlert.xbf Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LockdownDialog.xbf Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\NavigationLandingPage.xbf Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\NetworkConnectivityErrorPage.xbf Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\ProgressPage.xbf Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SchemaActivationEmptyPage.xbf Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessment_JSBridge.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessment_JSBridge.winmd Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartUI.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\GamingTcuiHelpers.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LayoutData.winmd Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping.winmd Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SuggestionUI.winmd Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInput.winmd Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputCommon.winmd Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppxMetadata\CodeIntegrity.cat Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\InputApp.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\LayoutData.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\SuggestionUI.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInput.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputCommon.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\IrisService\IrisService.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClipping.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\windowsudk.winmd Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.exe Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\resources.pri Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\pris\resources.en-US.pri Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\BatteryFlyoutExperience.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ClockFlyoutExperience.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\DevicesFlowUI.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ImeStatusNotification.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\InputDial.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Insights.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\PenWorkspace.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickConnectUI.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\resources.pri Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SharePickerUI.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\VirtualTouchpadUI.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.ActionCenter.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.SoftLanding.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\appxblockmap.xml Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\appxmanifest.xml Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\appxsignature.p7x Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\CameraBarcodeScannerPreview.exe Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Chakra.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\comdlg32.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\compstui.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\crypt32.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\cryptui.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\cryptuiwizard.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\DataExchange.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\directml.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\dwmcore.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\edgehtml.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\edputil.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ExplorerFrame.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\gpedit.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ieframe.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\inetcpl.cpl.mun Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\LaunchTM.exe.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Magnify.exe.mun Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\mfplat.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\msctf.dll.mun Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\mshtml.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\mssvp.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\mstscax.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\msutb.dll.mun Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\msxml3.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\netshell.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\notepad.exe.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ntshrui.dll.mun Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\printui.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\propsys.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\rasdlg.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\rasgcw.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\rasplap.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\rastls.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\rastlsext.dll.mun Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\remotepg.dll.mun Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\SearchIndexer.exe.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\shell32.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\sppcomapi.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Taskmgr.exe.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\tquery.dll.mun Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\twinui.appcore.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\twinui.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\wiadefui.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\wiashext.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.Pdf.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Immersive.dll.mun Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Winlangdb.dll.mun Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\wscui.cpl.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\wsecedit.dll.mun Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\wuapi.dll.mun Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\zipfldr.dll.mun Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Microsoft.Windows.SecHealthUI\Microsoft.Windows.SecHealthUI.pri Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Microsoft.Windows.SecHealthUI\pris\Microsoft.Windows.SecHealthUI.en-US.pri Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ShellComponents\ShellComponents.pri Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ShellComponents\pris\ShellComponents.en-US.pri Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ShellComponents.Switcher\ShellComponents.Switcher.pri Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Management.AutopilotResources\Windows.Management.AutopilotResources.pri Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Management.AutopilotResources\pris\Windows.Management.AutopilotResources.en-US.pri Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Logon\Windows.UI.Logon.pri Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\Windows.UI.SettingsAppThreshold.pri Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.en-US.pri Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\SystemSettings\Assets\Fonts\SetMDL2.ttf Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsHandlers-nt\Windows.UI.SettingsHandlers-nt.pri Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsHandlers-nt\pris\Windows.UI.SettingsHandlers-nt.en-US.pri Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\Windows.UI.ShellCommon.pri Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\pris\Windows.UI.ShellCommon.en-US.pri Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\aadauthhelper.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\aadtb.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\aadWamExtension.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AarSvc.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AboveLockAppHost.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\accountaccessor.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AccountsRt.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AcGenral.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AcLayers.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\acppage.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ActionCenter.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ActivationClient.dll Handle ID: 0x138 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ActivationManager.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\activeds.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\activeds.tlb Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ActiveSyncProvider.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\actxprxy.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AcWinRT.dll Handle ID: 0x138 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\acwow64.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AcXtrnal.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AdaptiveCards.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AdmTmpl.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\adprovider.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\adrclient.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\adsldp.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\adsldpc.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\adtschema.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\advapi32.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\aepic.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\agentactivationruntime.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\agentactivationruntimestarter.exe Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\agentactivationruntimewindows.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\amsi.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\amstream.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\apds.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\APHostClient.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppContracts.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppExtension.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\apphelp.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Apphlpdm.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appidapi.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppIdPolicyEngineApi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appidtel.exe Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppInstallerPrompt.Desktop.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppLockerCSP.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppManagementConfiguration.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appmgmts.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appmgr.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppointmentActivation.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppointmentApis.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppResolver.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppVClientPS.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppVEntSubsystems32.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppVSentinel.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppVTerminator.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appwiz.cpl Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxAllUserStore.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxApplicabilityEngine.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppXDeploymentClient.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxPackaging.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxSip.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AssignedAccessRuntime.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AtBroker.exe Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\atl.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\atlthunk.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\atmlib.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AudioEng.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AUDIOKSE.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AudioSes.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\auditpol.exe Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\auditpolcore.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AuditPolicyGPInterop.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AuthBroker.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AuthBrokerUI.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AuthExt.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\authfwcfg.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\authui.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\authz.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\autoconv.exe Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\autofmt.exe Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\avrt.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\azroles.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\azroleui.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AzureSettingSyncProvider.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BackgroundMediaPolicy.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\backgroundTaskHost.exe Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BackgroundTransferHost.exe Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BcastDVRBroker.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BcastDVRClient.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BcastDVRCommon.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BCP47Langs.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BCP47mrm.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bcrypt.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bcryptprimitives.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bidispl.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BingMaps.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BioCredProv.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BitLockerCsp.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\biwinrt.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BluetoothApis.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BrowserSettingSync.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BTAGService.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\btpanui.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BWContextHandler.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ByteCodeGenerator.exe Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cabinet.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CallButtons.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CallHistoryClient.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CameraCaptureUI.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CameraSettingsUIHost.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\capauthz.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\capiprovider.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CastingShellExt.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\catsrv.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\catsrvut.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cdosys.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cdp.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cdprt.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cemapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\certca.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\certcli.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\certenc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CertEnroll.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CertEnrollCtrl.exe Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\certmgr.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CertPKICmdlet.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CertPolEng.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cewmdm.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cfgbkend.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cfgmgr32.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cfmifs.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Chakra.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Chakradiag.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Chakrathunk.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ChatApis.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CheckNetIsolation.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cic.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CIWmi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\clbcatq.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cldapi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cleanmgr.exe Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ClipboardServer.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Clipc.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CloudExperienceHostCommon.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CloudExperienceHostUser.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CloudNotifications.exe Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\clusapi.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cmd.exe Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cmdial32.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cmifw.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cmintegrator.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cngprovider.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cnvfat.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\colbact.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\coloradapterclient.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\COLORCNV.DLL Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\colorui.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\combase.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comctl32.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comdlg32.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\coml2.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CompPkgSup.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\compstui.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comrepl.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comsnap.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comsvcs.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comuid.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\connect.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ConnectedAccountState.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\console.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ConsoleLogon.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ContactActivation.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ContactApis.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\container.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\coreglobconfig.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CoreMas.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CoreMessaging.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CoreShellAPI.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CoreUIComponents.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CPFilters.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CredentialUIBroker.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CredProv2faHelper.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CredProvDataModel.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CredProvHelper.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credprovhost.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credprovs.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credprovslegacy.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credui.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\crypt32.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptbase.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptdll.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptext.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptnet.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptngc.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CryptoWinRT.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptsp.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptui.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptuiwizard.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cscapi.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cscdll.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cscobj.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cscript.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cttunesvr.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d2d1.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d10warp.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d11.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d11on12.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3D12.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3D12Core.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d8thk.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d9.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d9on12.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3DCompiler_47.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3DSCache.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dabapi.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DafPrintProvider.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DataExchange.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\davclnt.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\davhlpr.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DavSyncProvider.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\daxexec.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dbgcore.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dbghelp.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dbnetlib.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dciman32.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dcomp.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ddisplay.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DefaultPrinterProvider.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DesktopShellAppStateContract.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DevDispItemProvider.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\devenum.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\deviceaccess.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DeviceCenter.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DeviceDisplayStatusManager.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DeviceFlows.DataModel.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\devicengccredprov.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DevicePairing.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DevicePairingFolder.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DeviceReactivation.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\devmgr.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\devobj.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\devrtl.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dfrgui.exe Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DfsShlEx.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcore.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcore6.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcsvc.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcsvc6.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DiagnosticInvoker.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dialclient.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DialogBlockerProc.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DictationManager.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dimsroam.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\directmanipulation.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\directml.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\diskpart.exe Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\diskperf.exe Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism.exe Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DismApi.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DispBroker.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dispex.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Display.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DisplayManager.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dllhost.exe Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dlnashext.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DMAlertListener.ProxyStub.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DMAppsRes.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmcmnutils.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmenrollengine.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmiso8601utils.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmocx.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmpushproxy.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DMRCDecoder.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmxmlhelputils.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dnsapi.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DolbyDecMFT.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dot3api.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dot3dlg.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dot3gpui.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dot3hc.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dot3msm.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dpapi.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dpapiprovider.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DragDropExperienceCommon.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DragDropExperienceDataExchangeDelegated.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drprov.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drvsetup.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drvstore.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dsparse.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dsreg.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dsregtask.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dsrole.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dssenh.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dsui.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dtdump.exe Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dtsh.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dui70.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\duser.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dusmapi.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dwmapi.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DWrite.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DWWIN.EXE Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DXCore.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxdiagn.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxgi.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxtmsft.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxtrans.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapp3hst.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eappcfg.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eappgnui.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapphost.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eappprxy.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapprovp.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapputil.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapsimextdesktop.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EapTeapConfig.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EaseOfAccessDialog.exe Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\easwrt.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edgehtml.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edgeIso.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EdgeManager.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EditBufferTestHook.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EditionUpgradeHelper.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EditionUpgradeManagerObj.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edpnotify.exe Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edputil.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\efsext.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\efswrt.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EhStorAPI.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ELSCore.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EmailApis.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\embeddedmodesvcapi.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\enrollmentapi.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ErrorDetails.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EsdSip.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\esent.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eventcls.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\evr.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ExecModelClient.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\execmodelproxy.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\explorer.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ExplorerFrame.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ExSMime.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Faultrep.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FdDevQuery.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fde.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fdPnp.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fdSSDP.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fdWCN.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fdWNet.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fdWSD.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ffbroker.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fidocredprov.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\filemgmt.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\findnetprinters.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fingerprintcredential.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FirewallAPI.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FirewallControlPanel.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FlightSettings.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fltLib.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fltMC.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fontdrvhost.exe Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FontGlyphAnimator.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fontsub.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fphc.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\framedynos.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FrameServerClient.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fveapi.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fveapibase.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fwbase.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fwcfg.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fwpolicyiomgr.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FWPUCLNT.DLL Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FwRemoteSvr.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FXSAPI.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FXSCOM.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FXSCOMEX.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FXSRESM.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GameBarPresenceWriter.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GameBarPresenceWriter.proxy.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GameChatTranscription.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GameInput.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GamePanel.exe Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gameux.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gamingtcui.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gdi32.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gdi32full.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GdiPlus.dll Handle ID: 0x12c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Geocommon.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Geolocation.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\glmf32.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\globinputhost.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\glu32.dll Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gmsaclient.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpapi.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpedit.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpresult.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpscript.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpscript.exe Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpupdate.exe Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GraphicsCapture.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HdcpHandler.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HeatCore.dll Handle ID: 0xdc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HelpPaneProxy.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hgcpl.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hhctrl.ocx Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hid.dll Handle ID: 0x134 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hlink.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hnetcfg.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HNetCfgClient.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HoloShellRuntime.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HrtfApo.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\httpapi.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HvsiManagementApi.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iasacct.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iasads.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iasdatastore.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iashlpr.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IasMigPlugin.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iasnap.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iaspolcy.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iasrad.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iasrecst.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iassam.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iassdo.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iassvcs.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\icm32.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\icu.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IdCtrls.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IDStore.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieapfltr.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iedkcs32.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieframe.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iemigplugin.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iepeers.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieproxy.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iertutil.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ifsutil.dll Handle ID: 0xc0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imagehlp.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imapi.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imapi2.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imapi2fs.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imgutil.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imm32.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IndexedDbLegacy.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\inetcomm.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\inetcpl.cpl Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\INETRES.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InkEd.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InkObjCore.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\input.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputHost.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputInjectionBroker.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputSwitch.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputSwitchToastHandler.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InstallService.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InstallServiceTasks.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\instnm.exe Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\intl.cpl Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IPHLPAPI.DLL Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iprtprio.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iprtrmgr.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ipsecsnp.dll Handle ID: 0xcc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ipsmsnap.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iri.dll Handle ID: 0xb0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\isoburn.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\itircl.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\joinutil.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\JpMapControl.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript9.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript9diag.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jsproxy.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kbd101.DLL Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kbd106.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kbd106n.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KBDJPN.DLL Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KBDUS.DLL Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kerberos.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kernel.appcore.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kernel32.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KernelBase.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KeyboardFilterCore.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KeyboardFilterShim.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KeyCredMgr.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ksproxy.ax Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ktmw32.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\L2SecHC.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LanguageOverlayUtil.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LaunchTM.exe Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LaunchWinApp.exe Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LicenseManager.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LicenseManagerApi.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LicensingDiagSpp.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LicensingWinRT.dll Handle ID: 0x9c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\linkinfo.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LocationApi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LockAppBroker.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LockScreenData.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\logagent.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\logman.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\logoncli.dll Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\lpk.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\luainstall.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Magnify.exe Handle ID: 0xc4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapConfiguration.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapGeocoder.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapRouter.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapsBtSvc.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mavinject.exe Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MbaeApi.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MbaeApiPublic.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mbsmsapi.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mbussdapi.dll Handle ID: 0x118 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MCCSEngineShared.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MCRecvSrc.dll Handle ID: 0x128 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mdmlocalmanagement.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mdmregistration.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MessagingDataModel2.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mf.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mf3216.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfasfsrcsnk.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfaudiocnv.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MFCaptureEngine.dll Handle ID: 0xd0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfcore.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfds.dll Handle ID: 0x130 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfh264enc.dll Handle ID: 0x88 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MFMediaEngine.dll Handle ID: 0x98 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfmkvsrcsnk.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfmp4srcsnk.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfnetcore.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfnetsrc.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfplat.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MFPlay.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfps.dll Handle ID: 0xa4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfreadwrite.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfsensorgroup.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfsrcsnk.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfsvr.dll Handle ID: 0xac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfvdsp.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mi.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Bluetooth.Proxy.dll Handle ID: 0x70 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll Handle ID: 0x90 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MicrosoftAccountWAMExtension.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\midimap.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migisol.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MiracastReceiver.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MiracastReceiverExt.dll Handle ID: 0x148 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mispace.dll Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MitigationConfiguration.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\miutils.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MixedRealityRuntime.dll Handle ID: 0x138 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mlang.dll Handle ID: 0x138 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmc.exe Handle ID: 0x138 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmcndmgr.dll Handle ID: 0x138 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmcshext.dll Handle ID: 0x138 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MMDevAPI.dll Handle ID: 0x138 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmgaclient.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmgaserver.exe Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmsys.cpl Handle ID: 0xbc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:18 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mobilenetworking.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MosHostClient.dll Handle ID: 0x138 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MP43DECD.DLL Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MPG4DECD.DLL Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mpr.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mprddm.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mprdim.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MrmCoreR.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MrmIndexer.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ms3dthumbnailprovider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msaatext.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msacm32.drv Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSAlacDecoder.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSAlacEncoder.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msasn1.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msaudite.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mscms.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msctf.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MsCtfMonitor.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msctfp.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msctfuimanager.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msdtcuiu.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msfeeds.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSFlacDecoder.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSFlacEncoder.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msftedit.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSHEIF.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mshtml.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mshtml.tlb Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mshtmled.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msi.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msimg32.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msimsg.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msinfo32.exe Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msisip.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msIso.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msjet40.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mskeyprotect.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msmpeg2vdec.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msobjs.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msoert2.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSOpusDecoder.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSPhotography.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msra.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MsraLegacy.tlb Handle ID: 0x14c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSRAWImage.dll Handle ID: 0x14c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msrd3x40.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msrdc.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MsRdpWebAccess.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msscntrs.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssitlb.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssph.dll Handle ID: 0x14c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssprxy.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssrch.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssvp.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstext40.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstsc.exe Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstscax.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msutb.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msv1_0.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvbvm60.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvcp110_win.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvcp_win.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvcrt.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSVidCtl.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSVideoDSP.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSVP9DEC.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvproc.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSVPXENC.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSWB7.dll Handle ID: 0x14c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSWebp.dll Handle ID: 0x14c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mswmdm.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mswsock.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml3.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml3r.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml6.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml6r.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MuiUnattend.exe Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mycomput.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mydocs.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NapiNSP.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncobjapi.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncpa.cpl Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncrypt.dll Handle ID: 0x14c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncryptprov.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncryptsslp.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ndadmin.exe Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ndfapi.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ndfetw.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ndfhcdiscovery.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ndishc.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\net1.exe Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netapi32.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netbtugc.exe Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netcfgx.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netcorehc.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netdiagfx.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetDriverInstall.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netid.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netiougc.exe Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netlogon.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netplwiz.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netprofm.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupApi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupEngine.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupShim.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netshell.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netutils.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetworkCollectionAgent.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\networkhelper.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\newdev.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\newdev.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ngccredprov.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ngckeyenum.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ngclocal.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ninput.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nlaapi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nlmgp.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nlmproxy.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nlmsprep.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NmaDirect.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\normaliz.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\npmproxy.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NPSM.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NPSMDesktopProvider.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nshhttp.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nshipsec.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nshwfp.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntasn1.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntdsapi.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntlanman.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntmarta.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntprint.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntprint.exe Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntshrui.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntvdm64.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ocsetapi.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oemlicense.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\offlinesam.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\offreg.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ole32.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleacc.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleacchooks.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleaut32.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oledlg.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleprn.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\omadmapi.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OnDemandBrokerClient.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OneCoreCommonProxyStub.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OneSettingsClient.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\onex.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OpcServices.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\opengl32.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OpenWith.exe Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\packager.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PackageStateRoaming.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PayloadRestrictions.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pcacli.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pcaui.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pcaui.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PCPKsp.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PCShellCommonProxyStub.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pdh.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PeerDist.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PeerDistSh.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PeopleAPIs.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PerceptionDevice.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfctrs.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfdisk.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfnet.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfos.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfproc.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfts.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PhoneCallHistoryApis.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PhoneOm.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PhonePlatformAbstraction.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Phoneutil.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PhotoMetadataHandler.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PhotoScreensaver.scr Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PickerHost.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PickerPlatform.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Pimstore.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pku2u.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\playlistfolder.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PlaySndSrv.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PlayToDevice.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PlayToManager.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\playtomenu.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PlayToReceiver.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PlayToStatusProvider.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pngfilt.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pnrpnsp.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\policymanager.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\polstore.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceApi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceClassExtension.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceConnectApi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceStatus.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceTypes.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PortableDeviceWiaCompat.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\POSyncServices.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\powrprof.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\prevhost.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PrintPlatformConfig.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\printui.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\printui.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PrintWorkflowService.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PrintWSDAHost.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\prnntfy.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\prntvpt.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\profapi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\profext.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\propsys.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\provcore.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\provmigrate.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\provplatformdesktop.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ProximityCommonPal.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\psapi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\psisdecd.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\puiapi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\puiobj.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\qdvd.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\qedit.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\quartz.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\quickassist.exe Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\racpldlg.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RADCUI.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasapi32.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\raschap.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\raschapext.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasdlg.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\raserver.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasgcw.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasman.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasplap.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rastapi.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rastls.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rastlsext.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpbase.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpcore.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpencom.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpendp.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpserverbase.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpsharercom.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpviewerax.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdvgocl32.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdvgogl32.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdvgu1132.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdvgumd32.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdvvmtransport.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ReAgent.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ReAgentc.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\regapi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RegCtrl.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\regedit.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\relog.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\remoteaudioendpoint.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\remotepg.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RemoveDeviceContextHandler.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rendezvousSession.tlb Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ResourcePolicyClient.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\resutils.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rmclient.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Robocopy.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rpcrt4.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rrinstaller.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rsaenh.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rtm.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RTMediaFrame.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rtutils.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RTWorkQ.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rundll32.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\runonce.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\samcli.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\samlib.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\scesrv.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\schannel.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\schtasks.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\scripto.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\scrobj.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\scrptadm.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\scrrun.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sdbinst.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sdchange.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sdohlp.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchFilterHost.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchFolder.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchIndexer.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchProtocolHost.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sechost.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\secur32.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sendmail.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SensorsApi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SensorsUtilsV2.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SessEnv.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingMonitor.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingSync.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingSyncCore.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingSyncHost.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setup16.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupapi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupcl.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupcln.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupugc.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sfc.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sfc_os.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shacct.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ShareHost.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SHCore.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shdocvw.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shell32.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ShellCommonCommonProxyStub.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shimeng.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shlwapi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shsetup.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shwebsvc.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\signdrv.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\slc.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\smartscreenps.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SMBHelperClass.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\smphost.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SndVol.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SndVolSSO.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\socialapis.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spacebridge.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SpatializerApo.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spbcd.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spfileq.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spinf.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spopk.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sppc.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sppcext.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sppcomapi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spwizeng.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srchadmin.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srmclient.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srmscan.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srmshell.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srmstormod.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srpapi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srumapi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srumsvc.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srvcli.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sscore.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ssdm.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\StateRepository.Core.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\stclient.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\stobject.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\StorageContextHandler.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\storagewmi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\StructuredQuery.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sud.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\svchost.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sxs.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sxstrace.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncController.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncHost.exe Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncInfrastructure.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncProxy.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncSettings.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\syncutil.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SystemEventsBrokerClient.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SystemSettings.DataModel.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SystemSupportInfo.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SystemUWPLauncher.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tapi3.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TapiMigPlugin.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TaskApis.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\taskcomp.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Taskmgr.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\taskschd.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TaskSchdPS.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tbauth.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tbs.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tcpipcfg.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tdc.ocx Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tdh.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\termmgr.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TextInputFramework.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TextInputMethodFormatter.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TextShaping.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\themeui.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\threadpoolwinrt.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\thumbcache.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ThumbnailExtractionHost.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TileDataRepository.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\timedate.cpl Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tokenbinding.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TokenBroker.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TokenBrokerCookies.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TpmCertResources.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TpmCoreProvisioning.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TpmTool.exe Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tquery.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tracerpt.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TrustedSignalCredProv.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tsgqec.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tsmf.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TSTheme.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TSWorkspace.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TtlsExt.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tttracer.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tvratings.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twext.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinapi.appcore.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinapi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinui.appcore.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinui.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\typeperf.exe Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tzautoupdate.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tzres.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ucmhc.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ucrtbase.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\udhisapi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uexfat.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ufat.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UiaManager.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UIAnimation.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UIAutomationCore.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uicom.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ulib.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\umpdc.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Unistore.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\untfs.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\updatepolicy.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\upnp.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\upnpcont.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\upnphost.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uReFS.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\urlmon.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\user.exe Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\user32.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserAccountBroker.exe Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\useractivitybroker.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usercpl.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDataAccountApis.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll Handle ID: 0xa0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDataTimeUtil.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDeviceRegistration.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDeviceRegistration.Ngc.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\userenv.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserLanguageProfileCallback.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usermgrcli.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserMgrProxy.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usoapi.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usp10.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Utilman.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uudf.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uxlib.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uxtheme.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VAN.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vaultcli.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VBICodec.ax Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vbscript.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VCardParser.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\version.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VIDRESZR.DLL Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\virtdisk.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VoiceActivationManager.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VoipRT.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vssapi.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vsstrace.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\w32topl.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wavemsp.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbemcomn.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wcmapi.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WcnApi.dll Handle ID: 0xa8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wcnwiz.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wdscore.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webauthn.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WebcamUi.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webio.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webplatstorageserver.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webservices.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Websocket.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wecapi.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wecutil.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wer.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\werdiagcontroller.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WerEnc.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\weretw.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WerFault.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WerFaultSecure.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wermgr.exe Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\werui.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wevtapi.dll Handle ID: 0x74 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wevtutil.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wfapigp.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wfdprov.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WfHC.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wiaacmgr.exe Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wiaaut.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wiadefui.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wiascanprofiles.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wiashext.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wimgapi.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\win32k.sys Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\win32kfull.sys Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\win32u.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winbio.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winbrand.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wincorlib.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wincredprovider.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowManagementAPI.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.AccountsControl.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.AI.MachineLearning.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.AI.MachineLearning.Preview.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.ConversationalAgent.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windows.applicationmodel.datatransfer.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.Preview.DOSettings.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Data.Pdf.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Background.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Custom.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Haptics.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Lights.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Midi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Perception.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Picker.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Portable.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Printers.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Printers.Extensions.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Radios.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.SmartCards.Phone.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Usb.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.WiFi.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Energy.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.FileExplorer.Common.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Gaming.Input.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Gaming.Preview.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Gaming.UI.GameBar.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Gaming.XboxLive.Storage.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Globalization.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Globalization.Fontgroups.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Globalization.PhoneNumberFormatting.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Display.BrightnessOverride.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Display.DisplayEnhancementOverride.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Devices.Sensors.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Graphics.Display.DisplayColorManagement.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Management.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.SecurityMitigationsBroker.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windows.internal.shellcommon.AccountsControlExperience.dll Handle ID: 0x94 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.ShellCommon.PrintExperience.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windows.internal.shellcommon.TokenBrokerModal.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Management.Workplace.dll Handle ID: 0x150 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Audio.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Devices.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Editing.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Import.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Ocr.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Speech.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Streaming.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Mirage.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Mirage.Internal.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.HostName.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.ESim.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.Proximity.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll Handle ID: 0xe0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.Vpn.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Payments.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Perception.Stub.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll Handle ID: 0x140 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Integrity.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll Handle ID: 0x114 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Shell.ServiceHostBuilder.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepository.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Storage.Compression.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windows.storage.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Storage.OneCore.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Storage.Search.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Diagnostics.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Diagnostics.TraceReporting.PlatformDiagnosticActions.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Launcher.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Profile.RetailInfo.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Profile.SystemId.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll Handle ID: 0xb4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.RemoteDesktop.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.SystemManagement.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.UserDeviceAssociation.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.UserProfile.DiagnosticsSettings.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Accessibility.dll Handle ID: 0xf8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll Handle ID: 0x14c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Cred.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.dll Handle ID: 0x144 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.FileExplorer.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Immersive.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Search.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.Controls.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.InkControls.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.XamlHost.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Web.Diagnostics.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Web.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Web.Http.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsCodecs.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsCodecsExt.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsCodecsRaw.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windowslivelogin.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windowsperformancerecordercontrol.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinFax.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winhttp.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winhttpcom.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wininet.dll Handle ID: 0x158 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wininitext.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winipsec.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Winlangdb.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winmm.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMsoIrmProtector.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinOpcIrmProtector.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winrnr.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winrscmd.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinRTNetMUAHostServer.exe Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinRtTracing.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinSATAPI.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinSCard.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winshfhc.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winsku.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winsockhc.dll Handle ID: 0x11c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winspool.drv Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winsta.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wintrust.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinTypes.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wisp.dll Handle ID: 0x120 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wkscli.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wkspbrokerAx.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanapi.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlancfg.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WLanConn.dll Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlandlg.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlangpui.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanhlp.dll Handle ID: 0x160 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WlanMM.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanpref.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanui.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Wldap32.dll Handle ID: 0xfc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wldp.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlgpclnt.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidcli.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidcredprov.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidfdp.dll Handle ID: 0xec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidprov.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMADMOD.DLL Handle ID: 0x124 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMADMOE.DLL Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmdmlog.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmiclnt.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmidcom.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmidx.dll Handle ID: 0x10c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMNetMgr.dll Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmp.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmpdxm.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmpeffects.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMPhoto.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmpshell.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmsgapi.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMSPDMOE.DLL Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMVCORE.DLL Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMVDECOD.DLL Handle ID: 0x110 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmvdspa.dll Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMVXENCD.DLL Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WordBreakers.dll Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wow32.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wowreg32.exe Handle ID: 0x15c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Wpc.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WpcWebFilter.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wpdshext.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WPDShServiceObj.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WPDSp.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wpnapps.dll Handle ID: 0xd4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wpnclient.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ws2_32.dll Handle ID: 0x164 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wscadminui.exe Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wscapi.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wscinterop.dll Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wscisvif.dll Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wscproxystub.dll Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wscript.exe Handle ID: 0x104 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wscui.cpl Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSDApi.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsecedit.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wshbth.dll Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wshcon.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wship6.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wshom.ocx Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSHTCPIP.DLL Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmAgent.dll Handle ID: 0x164 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSManHTTPConfig.exe Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSManMigrationPlugin.dll Handle ID: 0x164 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmAuto.dll Handle ID: 0x100 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsmplpxy.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsmprovhost.exe Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmRes.dll Handle ID: 0x164 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmSvc.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmWmiPl.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsp_fs.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsp_health.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wtsapi32.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wuapi.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wuceffects.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wudriver.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wups.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wusa.exe Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wvc.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WwaApi.dll Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WwaExt.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WWAHost.exe Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WWanAPI.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wwapi.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XAudio2_9.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XblAuthManagerProxy.dll Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XInput1_4.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XInputUap.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xmlfilter.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xmllite.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xmlprovi.dll Handle ID: 0x154 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XpsDocumentTargetPrint.dll Handle ID: 0xe8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XpsPrint.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xpsservices.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xwizards.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xwreg.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xwtpdui.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xwtpw32.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\zipfldr.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AdvancedInstallers\cmiv2.dll Handle ID: 0xe4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ar-SA\comctl32.dll.mui Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Com\comadmin.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DiagSvcs\KernelTraceControl.dll Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\AppxProvider.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\AssocProvider.dll Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\CbsProvider.dll Handle ID: 0xb8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\DismCore.dll Handle ID: 0x108 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\DismHost.exe Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\DismProv.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\DmiProvider.dll Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\FfuProvider.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\FolderProvider.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\GenericProvider.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\IBSProvider.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ImagingProvider.dll Handle ID: 0x108 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\IntlProvider.dll Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\LogProvider.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\MsiProvider.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\OfflineSetupProvider.dll Handle ID: 0x15c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\OSProvider.dll Handle ID: 0x108 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ProvProvider.dll Handle ID: 0xd8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\SetupPlatformProvider.dll Handle ID: 0x164 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\SmiProvider.dll Handle ID: 0x168 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\SysprepProvider.dll Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\TransmogProvider.dll Handle ID: 0x108 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\UnattendProvider.dll Handle ID: 0x108 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\VhdProvider.dll Handle ID: 0xf4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\WimProvider.dll Handle ID: 0x164 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drivers\afunix.sys Handle ID: 0xf0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\rdvgogl32.dll.mui Handle ID: 0x168 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\DiagnosticsHub.ScriptedSandboxPlugin.dll Handle ID: 0x164 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\DiagnosticsHub_is.dll Handle ID: 0x170 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\DiagnosticsTap.dll Handle ID: 0x15c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12App.dll Handle ID: 0x15c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12AppFrame.dll Handle ID: 0x15c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12AppFrame2.dll Handle ID: 0x15c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12Platform.dll Handle ID: 0x16c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12Platform2.dll Handle ID: 0x174 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12Tab.dll Handle ID: 0x174 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\IEChooser.exe Handle ID: 0x17c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\MemoryAnalyzer.dll Handle ID: 0x16c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\Timeline.dll Handle ID: 0x174 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\Timeline_is.dll Handle ID: 0x178 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-CA\comctl32.dll.mui Handle ID: 0x178 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fr-FR\comctl32.dll.mui Handle ID: 0x188 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPAPI.DLL Handle ID: 0x16c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPCMLD.DLL Handle ID: 0x16c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\imjpcus.dll Handle ID: 0x16c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPDAPI.DLL Handle ID: 0x16c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPLMP.DLL Handle ID: 0x174 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPPRED.DLL Handle ID: 0x184 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPTIP.DLL Handle ID: 0x184 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe Handle ID: 0x18c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\imjputyc.dll Handle ID: 0x18c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEKR\imkrapi.dll Handle ID: 0x18c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEKR\imkrudt.dll Handle ID: 0x18c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEKR\DICTS\imkrhjd.dll Handle ID: 0x18c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMETC\IMTCCFG.DLL Handle ID: 0x18c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMETC\IMTCCORE.DLL Handle ID: 0x18c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe Handle ID: 0x190 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMEFILES.DLL Handle ID: 0x180 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMESEARCH.EXE Handle ID: 0x190 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMESEARCHDLL.DLL Handle ID: 0x190 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMETIP.DLL Handle ID: 0x174 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMJKAPI.DLL Handle ID: 0x194 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\MSCAND20.DLL Handle ID: 0x194 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputMethod\JPN\Windows.Globalization.JapanesePhoneme.dll Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\ti_cnn_en-US.table Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\ti_cnn_ja-JP.table Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\ti_cnn_zh-CN.table Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\ti_dnn_fast-fr-FR.table Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\ti_dnn_fast_de-DE.table Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\ti_dnn_fast_es-ES.table Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\ti_dnn_fast_it-IT.table Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\ti_dnn_fast_pt-BR.table Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1031.bin Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1033.bin Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1034.bin Handle ID: 0x1a4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1036.bin Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1040.bin Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1041.bin Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1046.bin Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}16393.bin Handle ID: 0x1a0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}2052.bin Handle ID: 0x1a0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}2057.bin Handle ID: 0x180 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}2058.bin Handle ID: 0x194 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}3081.bin Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}3084.bin Handle ID: 0x19c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}4105.bin Handle ID: 0x1a0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\lt-LT\comctl32.dll.mui Handle ID: 0x180 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\audmigplugin.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\bthmigplugin.dll Handle ID: 0x194 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\CntrtextMig.dll Handle ID: 0x1b0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\commig.dll Handle ID: 0x1a8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\hwvidmigplugin.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\MapsMigPlugin.dll Handle ID: 0x1a8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\modemmigplugin.dll Handle ID: 0x194 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\msctfmig.dll Handle ID: 0x194 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\netiomig.dll Handle ID: 0x194 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\scmdmigplugin.dll Handle ID: 0x194 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\sppmig.dll Handle ID: 0x194 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\SxsMigPlugin.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WininetPlugin.dll Handle ID: 0x1b8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WMIMigrationPlugin.dll Handle ID: 0x1a8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WpcMigration.Uplevel.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WSearchMigPlugin.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WsUpgrade.dll Handle ID: 0x1a4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nl-NL\comctl32.dll.mui Handle ID: 0x1a8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oobe\cmisetup.dll Handle ID: 0x1b0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oobe\SetupCleanupTask.dll Handle ID: 0x1b8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PerceptionSimulation\VirtualCameraManager.dll Handle ID: 0x1b8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pt-BR\comctl32.dll.mui Handle ID: 0x1b0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\comctl32.dll.mui Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setup\cmmigr.dll Handle ID: 0x1b8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setup\msdtcstp.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setup\pbkmigr.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setup\RasMigPlugin.dll Handle ID: 0x1b8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Common\sapi.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Engines\SR\spsreng.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Engines\SR\spsrx.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Engines\SR\srloc.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Engines\TTS\MSTTSEngine.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Engines\TTS\MSTTSLoc.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\sapi_onecore.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\SpeechModelDownload.exe Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\SpeechServiceWinRTApi.ProxyStub.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\Windows.Speech.Dictation.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\Windows.Speech.Pal.Desktop.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\Windows.Speech.Shell.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Engines\SR\spsreng_onecore.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Engines\SR\spsrx_onecore.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\MSTTSEngine_OneCore.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\MSTTSLoc_OneCore.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\pkeyconfig\pkeyconfig-downlevel.xrm-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\pkeyconfig\pkeyconfig.xrm-ms Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\DefaultPpd-csvlk-pack-ppdlic.xrm-ms Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sr-Latn-RS\comctl32.dll.mui Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tr-TR\comctl32.dll.mui Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uk-UA\comctl32.dll.mui Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\esscli.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\fastprox.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\Microsoft.Uev.AgentWmi.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\mofcomp.exe Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\mofd.dll Handle ID: 0x1c8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\PrintManagementProvider.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\schedprov.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\viewprov.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\wbemcntl.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\wbemprox.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\wbemsvc.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\Win32_Tpm.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WMIADAP.exe Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WMICOOKR.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WmiDcPrv.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\wmiutils.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppvClientComConsumer.dll Handle ID: 0x1b4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\Microsoft.Windows.Firewall.Commands.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Provisioning\provpackageapi.dll Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\SmbComponent.cdxml Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1 Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.AI.winmd Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.ApplicationModel.winmd Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Data.winmd Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Devices.winmd Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Foundation.winmd Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Gaming.winmd Handle ID: 0x1cc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Globalization.winmd Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Graphics.winmd Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Management.winmd Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Media.winmd Handle ID: 0x1cc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Networking.winmd Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Perception.winmd Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Security.winmd Handle ID: 0x1cc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Services.winmd Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Storage.winmd Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.System.winmd Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.UI.winmd Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.UI.Xaml.winmd Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Web.winmd Handle ID: 0x1c4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\zh-CN\comctl32.dll.mui Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\14a3f9e824793931d34f7f786a538bbc9ef1f0d6.xml Handle ID: 0x1d4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\20bbcadaff3e0543ef358ba4dd8b74bfe8e747c8.xml Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\2213703c9c64cc61ba900531652e23c84728d2a2.xml Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\315818c03ccc2b10070df2d4ebd09eb6c4c66e58.xml Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\ceb497ee0184aaa4681d2fb2ef242a5b8551eea8.xml Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x1c8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x1dc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0x1c8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_083d4e330e766c5d.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_46321ba736a30085.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_647a02df72a14032.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_fonts_0428e0346460ac4c.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_en-us_0242687c673a608c.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_nativeimages_ae465c5139d1dacc.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_d97e7188b51e6116.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_wpf_f80a7f17f38f3771.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_windows_communication_foundation_7de82ac14fafbb1e.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v2.0.50727_443de60f3f6e0828.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_c40c7a995ddd757b.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_bc1339ef8efa3c4c.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_fonts_dc62106d96619a3c.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_en-us_dc5fd125966afabc.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_nativeimages_7f83bd6ed8241f3a.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_wpf_b56a2354fbfa0c31.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_windows_communication_foundation_e07323de19ff1b52.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_windowsbase_v4.0_4.0.0.0_31bf3856ad364e35_5764ca98829cd598.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationtypes_v4.0_4.0.0.0_31bf3856ad364e35_1f12bec8f88f4450.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationprovider_v4.0_4.0.0.0_31bf3856ad364e35_6bb637099f04ee2c.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclientsideproviders_v4.0_4.0.0.0_31bf3856ad364e35_6944991d7b306f0d.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclient_v4.0_4.0.0.0_31bf3856ad364e35_35816ba0d06901c4.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.xaml_v4.0_4.0.0.0_b77a5c561934e089_6747aba031bff5b1.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.forms.datavisualization_v4.0_4.0.0.0_31bf3856ad364_0478e70360a4d545.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.forms_v4.0_4.0.0.0_b77a5c561934e089_7780f78ea9286b2d.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.controls.ribbon_v4.0_4.0.0.0_b77a5c561934e089_f0c023acb7bafe74.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.web.extensions_v4.0_4.0.0.0_31bf3856ad364e35_472dc08bcbe9e0cb.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.web.applicationservices_v4.0_4.0.0.0_31bf3856ad364e35_68ccda43ca2f1ddf.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.speech_v4.0_4.0.0.0_31bf3856ad364e35_cc6ea888502ba313.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.web_v4.0_4.0.0.0_31bf3856ad364e35_9664587824984869.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.washosting_v4.0_4.0.0.0_b77a5c561934e089_fcc9ffe6a33d9e56.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.internals_v4.0_4.0.0.0_31bf3856ad364e35_648841c36e579803.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.discovery_v4.0_4.0.0.0_31bf3856ad364e35_77886dd12f6a8907.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.channels_v4.0_4.0.0.0_31bf3856ad364e35_3b879384d8488ea3.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.activities_v4.0_4.0.0.0_31bf3856ad364e35_6a8dabdd0e877c8e.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel_v4.0_4.0.0.0_b77a5c561934e089_b63f15dceb7fa3d7.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.security_v4.0_4.0.0.0_b03f5f7f11d50a3a_b1f6c453104409f9.cdf-ms Handle ID: 0x1d8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.runtime.serialization_v4.0_4.0.0.0_b77a5c561934e089_f6fb5cdd6113e4c9.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.identitymodel.services_v4.0_4.0.0.0_b77a5c561934e089_9152e5e9cf585ca0.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.identitymodel_v4.0_4.0.0.0_b77a5c561934e089_b5d483bcf27e78c2.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.drawing.design_v4.0_4.0.0.0_b03f5f7f11d50a3a_251fc3e264cdd5af.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.deployment_v4.0_4.0.0.0_b03f5f7f11d50a3a_e63bb68aefb0cd4a.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.core_v4.0_4.0.0.0_b77a5c561934e089_18d3047bb5729e36.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.configuration_v4.0_4.0.0.0_b03f5f7f11d50a3a_d8a1d11d04cdf6db.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.activities_v4.0_4.0.0.0_31bf3856ad364e35_bdef15cb807505c8.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system_v4.0_4.0.0.0_b77a5c561934e089_4348a29e5981af79.cdf-ms Handle ID: 0x1c8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_smdiagnostics_v4.0_4.0.0.0_b77a5c561934e089_8a46d250f4d4a9d0.cdf-ms Handle ID: 0x1c8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework-systemdata_v4.0_4.0.0.0_b77a5c561934e089_89b90455552a8828.cdf-ms Handle ID: 0x1c8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework_v4.0_4.0.0.0_31bf3856ad364e35_b57a3b1abb4f9cb2.cdf-ms Handle ID: 0x1c8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0x1c8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_41115a5fd4566dab.cdf-ms Handle ID: 0x1dc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_ad470207ad610db1.cdf-ms Handle ID: 0x1dc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_b81ea2cfde84fb19.cdf-ms Handle ID: 0x1dc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_v3.0_1dfad1527dc1078c.cdf-ms Handle ID: 0x1dc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0x1dc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_f89c5a39d351281a.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_a4ba21b6f468ca9e.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_61efdd9e2d0263ca.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll Handle ID: 0x1dc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll Handle ID: 0x1dc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll Handle ID: 0x1dc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll Handle ID: 0x1ac Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll Handle ID: 0x1d8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll Handle ID: 0x1d8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll Handle ID: 0x6c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll Handle ID: 0x6c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll Handle ID: 0x6c Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll Handle ID: 0x1cc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll Handle ID: 0x84 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Services.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll Handle ID: 0x78 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll Handle ID: 0x1cc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll Handle ID: 0x1cc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Internals.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll Handle ID: 0x1e8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Web.dll Handle ID: 0x1e8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll Handle ID: 0x1e8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll Handle ID: 0x1e8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll Handle ID: 0x1cc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll Handle ID: 0x1cc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll Handle ID: 0x1cc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\NativeImages\mscorlib.ni.dll Handle ID: 0x1bc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll Handle ID: 0x1c0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC2_v0400.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC_v0400.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemData.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe Handle ID: 0x1e8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll Handle ID: 0x1e8 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.configuration.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Data.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Security.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.RegularExpressions.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMdiagnostics.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.ServiceModel.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PenIMC.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll Handle ID: 0x1ec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll Handle ID: 0x1f0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\compatjit.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\peverify.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceMonikerSupport.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll Handle ID: 0x1e0 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll Handle ID: 0x1e4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll Handle ID: 0x1fc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll Handle ID: 0x1fc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NativeImages\mscorlib.ni.dll Handle ID: 0x1fc Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll Handle ID: 0x1f4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC2_v0400.dll Handle ID: 0x1f4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC_v0400.dll Handle ID: 0x1f4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0x1f4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0x1ec Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0x1f4 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0x200 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui Handle ID: 0x200 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 18:47:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsSense.exe Handle ID: 0x208 Process Information: Process ID: 0x25c8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;OICISAFA;0x10d0000;;;WD)
|
| | Security | Audit Success | 103 | 2021-10-17 18:47:38 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:50 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xac New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:50 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xac Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:50 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2021-10-17 18:47:50 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x330 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x370 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x37c New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x370 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3cc New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3d4 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x370 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3e4 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3cc Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x350 New Process Name: ????????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3cc Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x418 New Process Name: ???????????????-??6??0????0--?0??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x350 Creator Process Name: ??????????????????????4 Process Command Line: ????0--?0??????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:47:54 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x42c New Process Name: ?????????????????e??? ????????? ?????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x350 Creator Process Name: ??????????????????????4 Process Command Line: ????0--?0??????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12292 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3d4 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0x13fc7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3d4 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x14007 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1aa66 Linked Logon ID: 0x1aa81 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1aa81 Linked Logon ID: 0x1aa66 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x350 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1aa66 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1aa81 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x460 New Process Name: ????????????????-??6??4????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3d4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x474 New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3d4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x13ca9
|
| | Security | Audit Success | 13826 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1098 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1058 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1098 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:48:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1058 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2021-10-17 18:48:03 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x14d175 Linked Logon ID: 0x14d9bc Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x14d9bc Linked Logon ID: 0x14d175 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x14d175 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2021-10-17 18:48:57 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x974 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Process Information: Process ID: 3580 Process Creation Time: 2021-10-17T11:48:57.9372365Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\duthien-asus\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Process Information: Process ID: 3580 Process Creation Time: 2021-10-17T11:48:57.9372365Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7604 Process Creation Time: 2021-10-17T11:48:58.2301306Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7604 Process Creation Time: 2021-10-17T11:48:58.2301306Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x604 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:48:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2021-10-17 18:49:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x564 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 18:49:03 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x564 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12290 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7604 Process Creation Time: 2021-10-17T11:48:58.2301306Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: adfac44508e5f59e Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\79fb3cb982d76632ab44dfda06e042a7_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7604 Process Creation Time: 2021-10-17T11:48:58.2301306Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 4726: A user account was deleted. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d175 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1000 Account Name: defaultuser0 Account Domain: DESKTOP-31RMJIC Additional Information: Privileges -
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d175 Member: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 4729: A member was removed from a security-enabled global group. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d175 Member: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1000 Account Name: - Group: Security ID: S-1-5-21-2686359826-4124161782-3209672449-513 Group Name: None Group Domain: DESKTOP-31RMJIC Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2021-10-17 18:49:04 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d175 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x974 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2092 Process Creation Time: 2021-10-17T11:48:02.3716145Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\b0f91114c9d74d35ef6a281362144592_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2092 Process Creation Time: 2021-10-17T11:48:02.3716145Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2092 Process Creation Time: 2021-10-17T11:48:02.3716145Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2092 Process Creation Time: 2021-10-17T11:48:02.3716145Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2092 Process Creation Time: 2021-10-17T11:48:02.3716145Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ed7b6 Linked Logon ID: 0x1ed7fb Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ed7fb Linked Logon ID: 0x1ed7b6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x474 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ef473 Linked Logon ID: 0x1ef51b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x474 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ef51b Linked Logon ID: 0x1ef473 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x474 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1ef51b Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1ed7fb Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1ef473 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1ed7b6 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ed7b6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x1ef473 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:08 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:49:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:49:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:49:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x26f0 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:50:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:50:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:52:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:52:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 18:53:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:53:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:53:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2c04 Process Name: C:\Users\DUTHIE~1\AppData\Local\Temp\7zS022066E5\Installer.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:55:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:58:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x26f0 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 12292 | 2021-10-17 18:58:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2092 Process Creation Time: 2021-10-17T11:48:02.3716145Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 18:58:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2092 Process Creation Time: 2021-10-17T11:48:02.3716145Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-17 18:58:30 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x26f0 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:58:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x522671 Linked Logon ID: 0x5226af Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26f0 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Chrome Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:58:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x5226af Linked Logon ID: 0x522671 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26f0 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Chrome Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-17 18:58:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5226af Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-17 18:58:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x522671 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:58:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x522671 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:58:30 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 18:59:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:59:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:14 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 18:59:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 18:59:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 18:59:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:03:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:03:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:03:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:03:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xf94 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xf94 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xf94 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xf94 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xf94 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xf94 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:03:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:04:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:05:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:06:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:06:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2021-10-17 19:06:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3088 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 19:06:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3088 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:07:48 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:07:48 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:07:48 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:07:48 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:07:48 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:07:48 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:07:48 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:07:48 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:08:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:08:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3268 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3268 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3268 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3268 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3268 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3268 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3268 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 19:08:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3268 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 19:09:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:09:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:09:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:09:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:11:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:11:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2021-10-17 19:11:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x34bc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 19:11:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x34bc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 19:12:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:12:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 19:12:06 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:16:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 19:17:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:17:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:17:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 19:17:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:17:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:17:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:25 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:25 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:24 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:24 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 19:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 19:31:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:31:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:36:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:36:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:38:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:38:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:41:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:41:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:43:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:43:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:48:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:48:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:48:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:48:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:48:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:48:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 19:53:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 19:53:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:00:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:00:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:00:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:00:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:04:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:04:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:04:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:04:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:06:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d175 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x3598 Process Name: C:\Program Files\Git\usr\bin\bash.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:09:02 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:45 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Administrator Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:45 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: DefaultAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:45 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Guest Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:45 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: WDAGUtilityAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 12544 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1eb8 Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:12:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:13:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:13:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:14:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:14:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:14:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:14:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:15:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:15:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:15:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:18:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:18:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:21:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:21:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:22:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x29d4 Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:22:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x30dc Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:22:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x29cc Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:22:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1dbc Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:22:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xbb0 Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:22:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x203c Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:22:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2220 Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:22:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2e90 Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 20:25:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-17 20:25:54 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x14d9bc This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:25:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:25:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:25:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:25:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:25:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:25:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xb54 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nvspinfo.exe Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\lxcore.sys Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\lxss.sys Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\VmsProxy.sys Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\VmsProxyHNic.sys Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\vmswitch.sys Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\en-US Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_lxss_1bf24533bb30d910.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_en-us_4555b1beb1c13883.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lxss_066555c1df2fab48.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lxss_tools_74d567c39048f17f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lxss_lib_ea8b312698023679.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lxss_en-us_76f1fdbb8b88acc4.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_driverstore_a531a9c6b3dfcf87.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_driverstore_en-us_f6b4aaeeda14a371.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bash.exe Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetMgmtIF.dll Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nmbind.exe Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nmscrub.exe Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\p9np.dll Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmsif.dll Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmsifcore.dll Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmsifproxystub.dll Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wslconfig.exe Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\p9rdr.sys Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\vmbkmclr.sys Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\vmswitch.sys.mui Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\en-US\wvms_mp_windows.inf_loc Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\en-US\wvms_pp.inf_loc Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\en-US\wvms_vsft.inf_loc Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\en-US\wvms_vspp.inf_loc Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\bash.exe.mui Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\NetMgmtIF.dll.mui Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wslconfig.exe.mui Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\LxssManager.dll Handle ID: 0x6c Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\LxssManagerProxyStub.dll Handle ID: 0x6c Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\wslclient.dll Handle ID: 0x6c Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\wslhost.exe Handle ID: 0x6c Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\en-US\LxssManager.dll.mui Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\en-US\wslclient.dll.mui Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\lib\libd3d12.so Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\lib\libd3d12core.so Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\lib\libdxcore.so Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\tools\bsdtar Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\tools\ext4.vhdx.gz Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\tools\init Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\tools\initrd.img Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\NetNat.dll Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\NetNat.mof Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\en-US\NetNat.dll.mui Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\en-US\netNat.mfl Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\p9np.dll Handle ID: 0x78 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-17 20:25:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\lxss\LxssManagerProxyStub.dll Handle ID: 0x70 Process Information: Process ID: 0x18f8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 103 | 2021-10-17 20:25:56 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:10 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xac New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:10 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xac Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:10 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x284 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2021-10-17 20:26:10 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x334 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x370 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x378 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x370 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3c8 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x284 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3d0 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x370 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3d8 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3c8 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3d0 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0x11aa3 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3d0 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4b8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x128ce Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4b8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18a90 Linked Logon ID: 0x18ad4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18ad4 Linked Logon ID: 0x18a90 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18a90 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18ad4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x324 New Process Name: ????????????????-??6??0????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3d0 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x334 New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3d0 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x117e3
|
| | Security | Audit Success | 13826 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xd70 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xd70 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xee0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 20:26:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xee0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:16 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x70931 Linked Logon ID: 0x70b14 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x70b14 Linked Logon ID: 0x70931 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x70931 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:19 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12290 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Process Information: Process ID: 7316 Process Creation Time: 2021-10-17T13:26:20.1818906Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\duthien-asus\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Process Information: Process ID: 7316 Process Creation Time: 2021-10-17T13:26:20.1818906Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8312 Process Creation Time: 2021-10-17T13:26:20.4701397Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8312 Process Creation Time: 2021-10-17T13:26:20.4701397Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x5b4 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x970 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fec Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2021-10-17 20:26:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1fec Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12290 | 2021-10-17 20:26:21 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:21 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8312 Process Creation Time: 2021-10-17T13:26:20.4701397Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: adfac44508e5f59e Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\79fb3cb982d76632ab44dfda06e042a7_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:21 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8312 Process Creation Time: 2021-10-17T13:26:20.4701397Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 800 Process Creation Time: 2021-10-17T13:26:15.3578412Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\b0f91114c9d74d35ef6a281362144592_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 800 Process Creation Time: 2021-10-17T13:26:15.3578412Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 800 Process Creation Time: 2021-10-17T13:26:15.3578412Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 800 Process Creation Time: 2021-10-17T13:26:15.3578412Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 800 Process Creation Time: 2021-10-17T13:26:15.3578412Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xcbed0 Linked Logon ID: 0xcbf15 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xcbf15 Linked Logon ID: 0xcbed0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x334 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xcd7f8 Linked Logon ID: 0xcd8c9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x334 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xcd8c9 Linked Logon ID: 0xcd7f8 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x334 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xcd8c9 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xcbf15 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xcbed0 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xcd7f8 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xcbed0 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xcd7f8 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:26 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:31 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:26:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:27:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:27:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:27:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:27:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:27:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:27:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:27:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:27:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:27:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:27:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:27:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xb38 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 20:28:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:28:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:28:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:28:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:31 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xb64 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xb64 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xb64 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:36 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Administrator Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:36 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: DefaultAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:36 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Guest Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:36 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: WDAGUtilityAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:36:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1eb0 Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:37:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:37:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:37:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:37:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2d10 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2d10 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2d10 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2d10 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2d10 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2d10 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:41:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:41:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:41:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:41:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:41:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Administrator Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: DefaultAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Guest Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: WDAGUtilityAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2408 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:51:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:52:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:52:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:52:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:52:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:52:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:52:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:52:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:52:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:52:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-17 20:53:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-17 20:53:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:53:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 20:56:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 20:56:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 21:07:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:07:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 21:07:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:07:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 21:11:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xfac Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 21:11:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xaf8 Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 21:12:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x600 Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 21:12:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a10 Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 12544 | 2021-10-17 21:21:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 21:21:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:21:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 21:21:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 21:26:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:26:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 21:30:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:30:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 21:30:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:30:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 21:36:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 21:36:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:36:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 21:36:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 21:41:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:41:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 21:44:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:44:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 21:56:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 21:56:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:11:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:11:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:26:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 22:26:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:26:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 22:26:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:26:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:26:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:31:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-17 22:31:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:31:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-17 22:31:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:38:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:38:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:41:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:41:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:43:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:43:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:44:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:44:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-17 22:44:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:44:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 103 | 2021-10-17 22:44:19 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 12544 | 2021-10-17 22:44:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-17 22:44:19 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x70b14 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2021-10-17 22:44:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-17 22:44:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 22:44:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 22:44:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 22:44:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-17 22:44:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xba4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:00 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xac New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:00 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xac Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:00 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x25c New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2021-10-18 06:29:00 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:01 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x290 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x25c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:02 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x32c New Process Name: ??????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x25c Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:02 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x34c New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x32c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3a4 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0x10f10 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3a4 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x1176e Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17fa8 Linked Logon ID: 0x17fcc Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17fcc Linked Logon ID: 0x17fa8 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x444 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x24468 Linked Logon ID: 0x24915 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x24915 Linked Logon ID: 0x24468 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17fa8 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17fcc Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x24468 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x39c New Process Name: ??????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x25c Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3a4 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x32c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3ac New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x39c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3ec New Process Name: ????????????????-??6??4????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3a4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3f8 New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3a4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x10cee
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:03 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12290 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Process Information: Process ID: 2972 Process Creation Time: 2021-10-17T23:29:04.0413165Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\duthien-asus\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Process Information: Process ID: 2972 Process Creation Time: 2021-10-17T23:29:04.0413165Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7328 Process Creation Time: 2021-10-17T23:29:04.7374619Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7328 Process Creation Time: 2021-10-17T23:29:04.7374619Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x6f0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xfd8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xfd8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x12e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-18 06:29:04 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x12e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7328 Process Creation Time: 2021-10-17T23:29:04.7374619Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: adfac44508e5f59e Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\79fb3cb982d76632ab44dfda06e042a7_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7328 Process Creation Time: 2021-10-17T23:29:04.7374619Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x56c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x206c Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2021-10-18 06:29:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x206c Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:16 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12290 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2264 Process Creation Time: 2021-10-17T23:29:03.8005761Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\b0f91114c9d74d35ef6a281362144592_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2264 Process Creation Time: 2021-10-17T23:29:03.8005761Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2264 Process Creation Time: 2021-10-17T23:29:03.8005761Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2264 Process Creation Time: 2021-10-17T23:29:03.8005761Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2264 Process Creation Time: 2021-10-17T23:29:03.8005761Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xce93d Linked Logon ID: 0xce985 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xce985 Linked Logon ID: 0xce93d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xce93d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:19 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:20 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3f8 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xd0734 Linked Logon ID: 0xd08ce Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xd08ce Linked Logon ID: 0xd0734 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f8 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-18 06:29:20 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xd08ce Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-18 06:29:20 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xce985 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-18 06:29:20 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xd0734 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-18 06:29:20 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xce93d Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xd0734 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:20 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:29:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:29:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:29:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:30:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2afc Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 06:30:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:30:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:30:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:30:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:30:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:30:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:33:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:33:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:33:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:35:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:35:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:35:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 06:35:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:35:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:35:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xeb0 Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13826 | 2021-10-18 06:35:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13826 | 2021-10-18 06:35:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13826 | 2021-10-18 06:35:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x144c Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 06:35:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:35:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:35:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:35:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:37:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:37:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:37:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:37:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:39:16 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:39:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:39:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:39:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 06:42:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:42:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 06:42:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 06:44:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:44:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 06:44:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x19d8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:44:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x19d8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:44:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x19d8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:44:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x19d8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:44:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x19d8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 06:44:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x19d8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 06:52:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 06:52:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:02:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:02:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:13:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 07:13:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:13:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 07:13:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:21:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:21:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:26:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:26:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:26:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:26:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 07:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 07:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:35:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:35:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:44:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:44:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:46:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:46:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 07:46:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 07:46:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:01:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:01:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:01:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 08:01:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:07:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:07:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:16:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:16:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:27:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:27:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:28:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:28:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:28:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:29:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:29:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:29:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 08:29:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:34:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:34:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:34:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:34:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:34:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:34:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:35:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:35:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:35:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 08:35:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:35:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:35:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:35:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:35:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:18 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:35:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:45:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:45:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:18 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 08:45:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 08:58:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:58:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:58:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:58:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 08:58:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 08:58:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 08:58:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 08:58:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 09:04:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 09:04:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 09:15:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 09:15:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 09:15:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 09:15:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 09:15:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 09:15:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 09:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 09:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 09:34:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 09:34:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 09:40:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 09:40:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:41:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:42:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:42:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:42:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 09:42:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 09:59:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 09:59:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 09:59:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 09:59:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 09:59:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 09:59:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:18:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:18:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:19:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 10:19:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:19:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 10:19:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:22:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:22:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:22:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:22:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:27:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:27:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:38:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 10:38:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:38:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 10:38:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:38:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:38:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:44:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:44:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 10:44:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 10:44:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 11:19:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 11:19:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 11:20:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 11:20:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 11:20:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 11:20:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 11:21:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 11:21:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:23:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Administrator Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: DefaultAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Guest Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:07 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: WDAGUtilityAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-18 11:24:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a70 Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 11:25:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 11:25:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 11:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 11:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 11:33:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 11:33:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 11:33:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 11:34:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 11:34:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 11:34:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x874 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 11:57:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 11:57:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 12:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 12:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:18:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:18:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:18:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:18:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:25:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:25:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:29:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:29:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:43:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 12:43:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:43:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 12:43:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:43:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 12:43:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:43:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 12:43:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:43:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 12:43:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:43:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 12:43:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 12:59:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 12:59:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 13:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 13:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 13:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 13:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 13:07:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 13:07:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 13:07:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 13:07:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 13:07:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 13:07:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 13:13:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 13:13:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 13:29:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 13:29:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:07:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:07:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:07:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 14:07:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:07:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 14:07:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:07:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:07:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Users\Default\AppData\Local\Microsoft\WindowsApps Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\Boot Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\schemas\EAPHost Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\schemas\EAPMethods Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\servicing Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\servicing\Packages Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\servicing\Sessions Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\servicing\SQM Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\Speech\Common Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\AdvancedInstallers Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\Boot Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\RasToast Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\Speech\Common Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\SysWOW64\AdvancedInstallers Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WaaS Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps Handle ID: 0x5f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32_31bf3856ad364e35_10.0.19041.1_none_221a3861b159743a\WindowsShell.Manifest Handle ID: 0x674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nt-core-bootmanager_31bf3856ad364e35_10.0.19041.1_none_a1c3d9420e6939cc\BootDebuggerFiles.ini Handle ID: 0x66c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.19041.1_none_3d71f65b3bbd6193\boot.stl Handle ID: 0x664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:42 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_10.0.19041.1_none_dc058eb644f1f90b\bfsvc.exe Handle ID: 0x640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kdnet_uart16550.dll Handle ID: 0x650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ggertransport-kdnet_31bf3856ad364e35_10.0.19041.1_none_9358d67af855fc5a\kdstub.dll Handle ID: 0x634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_10df.dll Handle ID: 0x624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_1137.dll Handle ID: 0x63c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_1af4.dll Handle ID: 0x64c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_07_1415.dll Handle ID: 0x660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_1969.dll Handle ID: 0x65c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_15b3.dll Handle ID: 0x654 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_19a2.dll Handle ID: 0x638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.19041.1_none_3d71f65b3bbd6193\winsipolicy.p7b Handle ID: 0x650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_0C_8086.dll Handle ID: 0x640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1_none_250b9aff0f5d41ee\notepad.exe Handle ID: 0x634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_29841988436f4072\memtest.efi.mui Handle ID: 0x664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_46694069b3c83c61\bootmgr.efi.mui Handle ID: 0x66c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_f172b704a150188c\bootmgfw.efi.mui Handle ID: 0x674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_46694069b3c83c61\bootmgfw.efi.mui Handle ID: 0x624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_f172b704a150188c\bootmgr.efi.mui Handle ID: 0x670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_da-dk_c6bdf9af39b53c71\memtest.efi.mui Handle ID: 0x67c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_da-dk_8eac972b9796148b\bootmgr.efi.mui Handle ID: 0x63c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..ence-mitigations-c7_31bf3856ad364e35_10.0.19041.1_none_c219476991a48a52\drvmain.sdb Handle ID: 0x678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_da-dk_8eac972b9796148b\bootmgfw.efi.mui Handle ID: 0x688 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_c3e98eeb3b8b910b\memtest.efi.mui Handle ID: 0x658 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_el-gr_6c7fbc7e2aa0f999\memtest.efi.mui Handle ID: 0x64c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_de-de_8bd82c67996c6925\bootmgfw.efi.mui Handle ID: 0x620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_14e4.dll Handle ID: 0x684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_en-gb_2d4047428d21c125\bootmgfw.efi.mui Handle ID: 0x660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_de-de_8bd82c67996c6925\bootmgr.efi.mui Handle ID: 0x680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_el-gr_346e59fa8881d1b3\bootmgfw.efi.mui Handle ID: 0x68c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_el-gr_346e59fa8881d1b3\bootmgr.efi.mui Handle ID: 0x65c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.1_none_aa1fc2e87b362d12\regedit.exe Handle ID: 0x694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_en-gb_2d4047428d21c125\bootmgr.efi.mui Handle ID: 0x690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_6cda64e42a699cd0\memtest.efi.mui Handle ID: 0x654 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_en-us_34c90260884a74ea\bootmgr.efi.mui Handle ID: 0x698 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_es-es_6ca5c1c82a908e75\memtest.efi.mui Handle ID: 0x69c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_8086.dll Handle ID: 0x6a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_es-es_34945f448871668f\bootmgfw.efi.mui Handle ID: 0x638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_en-us_34c90260884a74ea\bootmgfw.efi.mui Handle ID: 0x650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_es-es_34945f448871668f\bootmgr.efi.mui Handle ID: 0x6a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_et-ee_2e542ad48c77431e\bootmgfw.efi.mui Handle ID: 0x6a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_es-mx_36cb4cea87054a3a\bootmgfw.efi.mui Handle ID: 0x640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_0bc0c6751faa809f\memtest.efi.mui Handle ID: 0x6ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_es-mx_36cb4cea87054a3a\bootmgr.efi.mui Handle ID: 0x6b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_et-ee_2e542ad48c77431e\bootmgr.efi.mui Handle ID: 0x634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_d3af63f17d8b58b9\bootmgfw.efi.mui Handle ID: 0x6b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_d3af63f17d8b58b9\bootmgr.efi.mui Handle ID: 0x6bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0f5d37c71d62a4d7\memtest.efi.mui Handle ID: 0x6c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_10ec.dll Handle ID: 0x6c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_cfc21f8d801be317\bootmgfw.efi.mui Handle ID: 0x6c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_cfc21f8d801be317\bootmgr.efi.mui Handle ID: 0x6cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_56cdb80f01c273f3\memtest.efi.mui Handle ID: 0x6d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d74bd5437b437cf1\bootmgfw.efi.mui Handle ID: 0x6d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_1d882fc56065eaa5\bootmgfw.efi.mui Handle ID: 0x6d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_1d882fc56065eaa5\bootmgr.efi.mui Handle ID: 0x6dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_1ebc558b5fa34c0d\bootmgfw.efi.mui Handle ID: 0x6e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_1ebc558b5fa34c0d\bootmgr.efi.mui Handle ID: 0x6e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_it-it_f9852e0df4948a55\memtest.efi.mui Handle ID: 0x6e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_it-it_c173cb8a5275626f\bootmgfw.efi.mui Handle ID: 0x6ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_it-it_c173cb8a5275626f\bootmgr.efi.mui Handle ID: 0x6f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9baaad1ae7af9c30\memtest.efi.mui Handle ID: 0x6f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_63994a974590744a\bootmgfw.efi.mui Handle ID: 0x6f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_63994a974590744a\bootmgr.efi.mui Handle ID: 0x6fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d74bd5437b437cf1\bootmgr.efi.mui Handle ID: 0x700 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_0703274c38013b60\bootmgfw.efi.mui Handle ID: 0x704 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_0703274c38013b60\bootmgr.efi.mui Handle ID: 0x708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_3f1489cfda206346\memtest.efi.mui Handle ID: 0x70c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nb-no_27a70b04b2458f02\memtest.efi.mui Handle ID: 0x710 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_aace534d2a2906fd\bootmgfw.efi.mui Handle ID: 0x714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_25e65642b37198d7\memtest.efi.mui Handle ID: 0x718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_aace534d2a2906fd\bootmgr.efi.mui Handle ID: 0x71c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_6c22b0c49894068b\memtest.efi.mui Handle ID: 0x720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_ab9bc1d129a747ed\bootmgfw.efi.mui Handle ID: 0x724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_ab9bc1d129a747ed\bootmgr.efi.mui Handle ID: 0x728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_nb-no_ef95a8811026671c\bootmgfw.efi.mui Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_nb-no_ef95a8811026671c\bootmgr.efi.mui Handle ID: 0x730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_edd4f3bf115270f1\bootmgfw.efi.mui Handle ID: 0x734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_edd4f3bf115270f1\bootmgr.efi.mui Handle ID: 0x738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_34114e40f674dea5\bootmgfw.efi.mui Handle ID: 0x73c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_34114e40f674dea5\bootmgr.efi.mui Handle ID: 0x740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_6f586ad4968d0a4b\memtest.efi.mui Handle ID: 0x744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pt-br_366538e4f4fe7289\bootmgfw.efi.mui Handle ID: 0x690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pt-br_6e769b68971d9a6f\memtest.efi.mui Handle ID: 0x694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pt-br_366538e4f4fe7289\bootmgr.efi.mui Handle ID: 0x65c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_qps-ploc_2b765c956db488cf\memtest.efi.mui Handle ID: 0x68c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_37470850f46de265\bootmgfw.efi.mui Handle ID: 0x680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_b5fb7c987b6e9877\memtest.efi.mui Handle ID: 0x660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_37470850f46de265\bootmgr.efi.mui Handle ID: 0x684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_7b81ce88dad4adc1\bootmgfw.efi.mui Handle ID: 0x620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_7b81ce88dad4adc1\bootmgr.efi.mui Handle ID: 0x64c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_7dea1a14d94f7091\bootmgfw.efi.mui Handle ID: 0x658 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_7dea1a14d94f7091\bootmgr.efi.mui Handle ID: 0x698 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_1d051ec1ce6962bb\bootmgfw.efi.mui Handle ID: 0x654 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_sv-se_51f6670d7297a2d2\memtest.efi.mui Handle ID: 0x748 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_1d051ec1ce6962bb\bootmgr.efi.mui Handle ID: 0x74c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sl-si_1c174079cf03759e\bootmgfw.efi.mui Handle ID: 0x750 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sl-si_1c174079cf03759e\bootmgr.efi.mui Handle ID: 0x754 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_fb03b1546153a4c3\memtest.efi.mui Handle ID: 0x758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_c247a8be44151ccf\bootmgfw.efi.mui Handle ID: 0x75c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sv-se_19e50489d0787aec\bootmgfw.efi.mui Handle ID: 0x760 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_c247a8be44151ccf\bootmgr.efi.mui Handle ID: 0x764 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sv-se_19e50489d0787aec\bootmgr.efi.mui Handle ID: 0x768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_c2f24ed0bf347cdd\bootmgfw.efi.mui Handle ID: 0x76c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_c2f24ed0bf347cdd\bootmgr.efi.mui Handle ID: 0x770 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5ed23177b665a329\bootmgfw.efi.mui Handle ID: 0x774 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_cc60cf52118b76e2\memtest.efi.mui Handle ID: 0x778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_d05d0ca80efc5352\memtest.efi.mui Handle ID: 0x77c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_944f6cce6f6c4efc\bootmgfw.efi.mui Handle ID: 0x780 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_944f6cce6f6c4efc\bootmgr.efi.mui Handle ID: 0x784 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_984baa246cdd2b6c\bootmgfw.efi.mui Handle ID: 0x788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_984baa246cdd2b6c\bootmgr.efi.mui Handle ID: 0x78c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5ed23177b665a329\bootmgr.efi.mui Handle ID: 0x790 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\segmono_boot.ttf Handle ID: 0x794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-jpn-boot_31bf3856ad364e35_10.0.19041.1_none_3f0d37efc90f3433\meiryon_boot.ttf Handle ID: 0x798 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-jpn-boot_31bf3856ad364e35_10.0.19041.1_none_3f0d37efc90f3433\meiryo_boot.ttf Handle ID: 0x79c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-kor-boot_31bf3856ad364e35_10.0.19041.1_none_10b88dcf347e1295\malgunn_boot.ttf Handle ID: 0x7a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-cht-boot_31bf3856ad364e35_10.0.19041.1_none_7407304ac87a067c\msjh_boot.ttf Handle ID: 0x7a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-kor-boot_31bf3856ad364e35_10.0.19041.1_none_10b88dcf347e1295\malgun_boot.ttf Handle ID: 0x7a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootnxt Handle ID: 0x7ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-chs-boot_31bf3856ad364e35_10.0.19041.1_none_8ad4cb82aed2b7dd\msyhn_boot.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-cht-boot_31bf3856ad364e35_10.0.19041.1_none_7407304ac87a067c\msjhn_boot.ttf Handle ID: 0x7b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-chs-boot_31bf3856ad364e35_10.0.19041.1_none_8ad4cb82aed2b7dd\msyh_boot.ttf Handle ID: 0x7b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\wgl4_boot.ttf Handle ID: 0x7bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootuwf.dll Handle ID: 0x7c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\segoen_slboot.ttf Handle ID: 0x7c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\segoe_slboot.ttf Handle ID: 0x7c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_33d8c3da77d0026d\memtest.exe.mui Handle ID: 0x7cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_da-dk_d112a4016e15fe6c\memtest.exe.mui Handle ID: 0x7d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootvhd.dll Handle ID: 0x7d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_ce3e393d6fec5306\memtest.exe.mui Handle ID: 0x7d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_el-gr_76d466d05f01bb94\memtest.exe.mui Handle ID: 0x7dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_772f0f365eca5ecb\memtest.exe.mui Handle ID: 0x7e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootmgr Handle ID: 0x7e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_es-es_76fa6c1a5ef15070\memtest.exe.mui Handle ID: 0x7e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_161570c7540b429a\memtest.exe.mui Handle ID: 0x7ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_19b1e21951c366d2\memtest.exe.mui Handle ID: 0x6e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootspaces.dll Handle ID: 0x6dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_61226261362335ee\memtest.exe.mui Handle ID: 0x6d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_it-it_03d9d86028f54c50\memtest.exe.mui Handle ID: 0x6d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a5ff576d1c105e2b\memtest.exe.mui Handle ID: 0x6d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_496934220e812541\memtest.exe.mui Handle ID: 0x6cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nb-no_31fbb556e6a650fd\memtest.exe.mui Handle ID: 0x6c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_303b0094e7d25ad2\memtest.exe.mui Handle ID: 0x6c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_76775b16ccf4c886\memtest.exe.mui Handle ID: 0x6c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pt-br_78cb45bacb7e5c6a\memtest.exe.mui Handle ID: 0x6bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\abortpxe.com Handle ID: 0x6b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_79ad1526caedcc46\memtest.exe.mui Handle ID: 0x634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_c05026eaafcf5a72\memtest.exe.mui Handle ID: 0x6b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_sv-se_5c4b115fa6f864cd\memtest.exe.mui Handle ID: 0x6ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_d6b579a445ec38dd\memtest.exe.mui Handle ID: 0x640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_dab1b6fa435d154d\memtest.exe.mui Handle ID: 0x6a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_05585ba695b466be\memtest.exe.mui Handle ID: 0x6a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\hdlscom1.com Handle ID: 0x650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-pxe-base_31bf3856ad364e35_10.0.19041.1_none_d488a0911d97d7fa\WdsConfig.inf Handle ID: 0x638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\hdlscom1.n12 Handle ID: 0x708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\hdlscom2.com Handle ID: 0x704 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\hdlscom2.n12 Handle ID: 0x700 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_qps-ploc_35cb06e7a2154aca\memtest.exe.mui Handle ID: 0x70c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\pxeboot.com Handle ID: 0x6a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\pxeboot.n12 Handle ID: 0x688 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\wdsnbp.com Handle ID: 0x678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_0bf05f43e2a51dff\wdsmgfw.efi.mui Handle ID: 0x63c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_8e265beda3fae139\memtest.efi Handle ID: 0x67c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.19041.1_none_3d71f65b3bbd6193\bootmgr.efi Handle ID: 0x670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_24889a0c5a8c93da\bootmgr.exe.mui Handle ID: 0x624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_cf9210a748147005\bootmgr.efi.mui Handle ID: 0x674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_24889a0c5a8c93da\bootmgr.efi.mui Handle ID: 0x718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_cf9210a748147005\bootmgr.exe.mui Handle ID: 0x66c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_da-dk_6ccbf0ce3e5a6c04\bootmgr.efi.mui Handle ID: 0x664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_de-de_a655d4a6dac16e98\wdsmgfw.efi.mui Handle ID: 0x6b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_da-dk_6ccbf0ce3e5a6c04\bootmgr.exe.mui Handle ID: 0x720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_de-de_69f7860a4030c09e\bootmgr.efi.mui Handle ID: 0x728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.19041.1_none_3d71f65b3bbd6193\bootmgfw.efi Handle ID: 0x724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_en-gb_0b5fa0e533e6189e\bootmgr.efi.mui Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_el-gr_128db39d2f46292c\bootmgr.efi.mui Handle ID: 0x714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_el-gr_128db39d2f46292c\bootmgr.exe.mui Handle ID: 0x730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_4f46aa9fc99f7a5d\wdsmgfw.efi.mui Handle ID: 0x710 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_en-gb_0b5fa0e533e6189e\bootmgr.exe.mui Handle ID: 0x734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_en-us_12e85c032f0ecc63\bootmgr.exe.mui Handle ID: 0x6fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_en-us_79543bbc0cf10fda\bootmgr.exe.mui Handle ID: 0x6f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_es-es_4f120783c9c66c02\wdsmgfw.efi.mui Handle ID: 0x738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_de-de_69f7860a4030c09e\bootmgr.exe.mui Handle ID: 0x73c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_en-us_12e85c032f0ecc63\bootmgr.efi.mui Handle ID: 0x6f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_es-es_12b3b8e72f35be08\bootmgr.efi.mui Handle ID: 0x740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_es-es_12b3b8e72f35be08\bootmgr.exe.mui Handle ID: 0x6f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_et-ee_0c738477333b9a97\bootmgr.efi.mui Handle ID: 0x744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_es-mx_14eaa68d2dc9a1b3\bootmgr.efi.mui Handle ID: 0x6ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_es-mx_14eaa68d2dc9a1b3\bootmgr.exe.mui Handle ID: 0x6e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_et-ee_0c738477333b9a97\bootmgr.exe.mui Handle ID: 0x62c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_b1cebd94244fb032\bootmgr.efi.mui Handle ID: 0x6e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_b1cebd94244fb032\bootmgr.exe.mui Handle ID: 0x694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f1c97d82bc988264\wdsmgfw.efi.mui Handle ID: 0x65c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_3939fdcaa0f85180\wdsmgfw.efi.mui Handle ID: 0x690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_ade1793026e03a90\bootmgr.exe.mui Handle ID: 0x68c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b56b2ee62207d46a\bootmgr.efi.mui Handle ID: 0x7f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b56b2ee62207d46a\bootmgr.exe.mui Handle ID: 0x680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_fba78968072a421e\bootmgr.exe.mui Handle ID: 0x71c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_ade1793026e03a90\bootmgr.efi.mui Handle ID: 0x660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_it-it_dbf173c993ca67e2\wdsmgfw.efi.mui Handle ID: 0x7f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_fcdbaf2e0667a386\bootmgr.exe.mui Handle ID: 0x684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_fba78968072a421e\bootmgr.efi.mui Handle ID: 0x7f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_41b8a439ec54cbc3\bootmgr.efi.mui Handle ID: 0x620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_41b8a439ec54cbc3\bootmgr.exe.mui Handle ID: 0x7fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_fcdbaf2e0667a386\bootmgr.efi.mui Handle ID: 0x64c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f93252cf939b9e8\bootmgr.efi.mui Handle ID: 0x668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f93252cf939b9e8\bootmgr.exe.mui Handle ID: 0x658 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_e52280eedec592d9\bootmgr.efi.mui Handle ID: 0x5bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7e16f2d686e579bd\wdsmgfw.efi.mui Handle ID: 0x698 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_e52280eedec592d9\bootmgr.exe.mui Handle ID: 0x5b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_2180cf8b795640d3\wdsmgfw.efi.mui Handle ID: 0x654 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\bootmgr.exe Handle ID: 0x648 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_08529bfe52a77664\wdsmgfw.efi.mui Handle ID: 0x748 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_88edacefd0ed5e76\bootmgr.efi.mui Handle ID: 0x644 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_88edacefd0ed5e76\bootmgr.exe.mui Handle ID: 0x74c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_89bb1b73d06b9f66\bootmgr.efi.mui Handle ID: 0x69c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_89bb1b73d06b9f66\bootmgr.exe.mui Handle ID: 0x750 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_nb-no_cdb50223b6eabe95\bootmgr.efi.mui Handle ID: 0x804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_nb-no_cdb50223b6eabe95\bootmgr.exe.mui Handle ID: 0x80c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_cbf44d61b816c86a\bootmgr.efi.mui Handle ID: 0x810 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_4e8ef68037c9e418\wdsmgfw.efi.mui Handle ID: 0x814 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_cbf44d61b816c86a\bootmgr.exe.mui Handle ID: 0x818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_pt-br_50e2e124365377fc\wdsmgfw.efi.mui Handle ID: 0x75c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_1230a7e39d39361e\bootmgr.efi.mui Handle ID: 0x81c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_987b063fd85ba334\memtest.exe Handle ID: 0x820 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_1230a7e39d39361e\bootmgr.exe.mui Handle ID: 0x824 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_51c4b09035c2e7d8\wdsmgfw.efi.mui Handle ID: 0x828 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pt-br_148492879bc2ca02\bootmgr.efi.mui Handle ID: 0x82c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pt-br_148492879bc2ca02\bootmgr.exe.mui Handle ID: 0x830 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_156661f39b3239de\bootmgr.efi.mui Handle ID: 0x834 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_156661f39b3239de\bootmgr.exe.mui Handle ID: 0x838 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_9867c2541aa47604\wdsmgfw.efi.mui Handle ID: 0x83c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_qps-ploc_d18453b47259b862\bootmgr.efi.mui Handle ID: 0x840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_qps-ploc_d18453b47259b862\bootmgr.exe.mui Handle ID: 0x844 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_qps..ocm_6be18169d83831ab\bootmgr.efi.mui Handle ID: 0x848 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_qps..ocm_6be18169d83831ab\bootmgr.exe.mui Handle ID: 0x84c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_59a1282b8199053a\bootmgr.exe.mui Handle ID: 0x850 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_5c0973b78013c80a\bootmgr.exe.mui Handle ID: 0x854 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_fb247864752dba34\bootmgr.efi.mui Handle ID: 0x858 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_fb247864752dba34\bootmgr.exe.mui Handle ID: 0x85c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_59a1282b8199053a\bootmgr.efi.mui Handle ID: 0x860 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_5c0973b78013c80a\bootmgr.efi.mui Handle ID: 0x864 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_sv-se_3462acc911cd805f\wdsmgfw.efi.mui Handle ID: 0x868 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sl-si_fa369a1c75c7cd17\bootmgr.efi.mui Handle ID: 0x86c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sl-si_fa369a1c75c7cd17\bootmgr.exe.mui Handle ID: 0x870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_a0670260ead97448\bootmgr.efi.mui Handle ID: 0x874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_a0670260ead97448\bootmgr.exe.mui Handle ID: 0x878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_dd6ff71000898250\wdsmgfw.efi.mui Handle ID: 0x87c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sv-se_f8045e2c773cd265\bootmgr.efi.mui Handle ID: 0x880 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sv-se_f8045e2c773cd265\bootmgr.exe.mui Handle ID: 0x884 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_a111a87365f8d456\bootmgr.efi.mui Handle ID: 0x888 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_aecd150db0c1546f\wdsmgfw.efi.mui Handle ID: 0x88c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_a111a87365f8d456\bootmgr.exe.mui Handle ID: 0x890 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_b2c95263ae3230df\wdsmgfw.efi.mui Handle ID: 0x894 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootres_31bf3856ad364e35_10.0.19041.1_none_f50dcea7214e5b1f\bootres.dll Handle ID: 0x898 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3cf18b1a5d29faa2\bootmgr.efi.mui Handle ID: 0x89c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\analyticsevents.dat Handle ID: 0x8a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_726ec6711630a675\bootmgr.efi.mui Handle ID: 0x8a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3cf18b1a5d29faa2\bootmgr.exe.mui Handle ID: 0x8a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\RemoteAggregatorTriggerCriteria.dat Handle ID: 0x8ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\GetFileInfoActionAllowedList.dat Handle ID: 0x8b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_726ec6711630a675\bootmgr.exe.mui Handle ID: 0x8b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_766b03c713a182e5\bootmgr.efi.mui Handle ID: 0x8b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_766b03c713a182e5\bootmgr.exe.mui Handle ID: 0x8bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\GetFileActionAllowedList.dat Handle ID: 0x8c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\utc.tracing.json Handle ID: 0x8c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\RunExeActionAllowedList.dat Handle ID: 0x8c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\telemetry.ASM-WindowsDefault.json Handle ID: 0x8cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\windows.uif_ondemand.json Handle ID: 0x8d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\utc.app.json Handle ID: 0x8d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fix.fon Handle ID: 0x8d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fixe.fon Handle ID: 0x8dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fixg.fon Handle ID: 0x7c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fixr.fon Handle ID: 0x7bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fixt.fon Handle ID: 0x7b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\utc.privacy.diffbase Handle ID: 0x7b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oemg.fon Handle ID: 0x7b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oeme.fon Handle ID: 0x7ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oemr.fon Handle ID: 0x7a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oem.fon Handle ID: 0x7a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oemt.fon Handle ID: 0x7a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514sys.fon Handle ID: 0x79c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\windows.diag_ondemand.xml Handle ID: 0x798 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514syse.fon Handle ID: 0x794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514sysg.fon Handle ID: 0x790 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514syst.fon Handle ID: 0x78c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514sysr.fon Handle ID: 0x788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\85855.fon Handle ID: 0x784 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\85f1255.fon Handle ID: 0x77c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\utc.allow.diffbase Handle ID: 0x778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\85775.fon Handle ID: 0x774 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\85f1257.fon Handle ID: 0x770 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\85s1255.fon Handle ID: 0x76c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\85f874.fon Handle ID: 0x768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\85f1256.fon Handle ID: 0x7e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\85s1256.fon Handle ID: 0x7e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\85s1257.fon Handle ID: 0x7dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\85s874.fon Handle ID: 0x7d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app850.fon Handle ID: 0x7d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app852.fon Handle ID: 0x7d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app855.fon Handle ID: 0x7cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app857.fon Handle ID: 0x7c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-jpn-boot_31bf3856ad364e35_10.0.19041.1_none_3f0d37efc90f3433\jpn_boot.ttf Handle ID: 0x7c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app866.fon Handle ID: 0x8e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app775.fon Handle ID: 0x8e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40737.fon Handle ID: 0x8e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40850.fon Handle ID: 0x8ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\c8514fix.fon Handle ID: 0x780 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\c8514oem.fon Handle ID: 0x8f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40852.fon Handle ID: 0x8f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40857.fon Handle ID: 0x8f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40866.fon Handle ID: 0x8fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\c8514sys.fon Handle ID: 0x900 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40869.fon Handle ID: 0x904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80737.fon Handle ID: 0x908 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80850.fon Handle ID: 0x90c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40woa.fon Handle ID: 0x910 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80852.fon Handle ID: 0x914 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80857.fon Handle ID: 0x918 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80866.fon Handle ID: 0x91c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80869.fon Handle ID: 0x6b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80woa.fon Handle ID: 0x6bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app932.fon Handle ID: 0x634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app950.fon Handle ID: 0x920 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app949.fon Handle ID: 0x924 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app936.fon Handle ID: 0x928 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\cvgafix.fon Handle ID: 0x7e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\cvgasys.fon Handle ID: 0x92c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-pxe-base_31bf3856ad364e35_10.0.19041.1_none_d488a0911d97d7fa\wdsmgfw.efi Handle ID: 0x930 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40869.fon Handle ID: 0x934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40737.fon Handle ID: 0x938 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40850.fon Handle ID: 0x93c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40852.fon Handle ID: 0x940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\dos737.fon Handle ID: 0x944 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\dos869.fon Handle ID: 0x948 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\dosapp.fon Handle ID: 0x94c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40857.fon Handle ID: 0x950 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80737.fon Handle ID: 0x954 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80850.fon Handle ID: 0x708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40866.fon Handle ID: 0x638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40woa.fon Handle ID: 0x650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80852.fon Handle ID: 0x6a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80857.fon Handle ID: 0x6a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80866.fon Handle ID: 0x640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80869.fon Handle ID: 0x6ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80woa.fon Handle ID: 0x6b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\hvgafix.fon Handle ID: 0x6c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\hvgasys.fon Handle ID: 0x7ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\h8514sys.fon Handle ID: 0x6c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\h8514fix.fon Handle ID: 0x6c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\jvgafix.fon Handle ID: 0x6cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\h8514oem.fon Handle ID: 0x6d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\j8514fix.fon Handle ID: 0x6d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\j8514sys.fon Handle ID: 0x6d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-branding-shell-client_31bf3856ad364e35_10.0.19041.1_none_e760ef0fa6b01397\shellbrd.dll Handle ID: 0x6e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\j8514oem.fon Handle ID: 0x764 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\jvgasys.fon Handle ID: 0x760 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_10.0.19041.1_none_044604f09eae4abd\marlett.ttf Handle ID: 0x758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\s8514fix.fon Handle ID: 0x754 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\s8514oem.fon Handle ID: 0x808 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\s8514sys.fon Handle ID: 0x674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_10.0.19041.1_none_b537ffbd18185517\lucon.ttf Handle ID: 0x670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\windows.uif_ondemand.xml Handle ID: 0x718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_10.0.19041.1_none_1fe0609844af8bce\consolab.ttf Handle ID: 0x70c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_10.0.19041.1_none_1fe0609844af8bce\consola.ttf Handle ID: 0x66c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-branding-base-client_31bf3856ad364e35_10.0.19041.1_none_57c12d0ce48934e2\basebrd.dll Handle ID: 0x624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_10.0.19041.1_none_1fe0609844af8bce\consolaz.ttf Handle ID: 0x664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_10.0.19041.1_none_1fe0609844af8bce\consolai.ttf Handle ID: 0x67c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segmdl2.ttf Handle ID: 0x678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguibl.ttf Handle ID: 0x688 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..i_italicssupplement_31bf3856ad364e35_10.0.19041.1_none_56130ec247ca84b6\seguibli.ttf Handle ID: 0x6b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuii.ttf Handle ID: 0x63c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-kor-boot_31bf3856ad364e35_10.0.19041.1_none_10b88dcf347e1295\kor_boot.ttf Handle ID: 0x720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\svgafix.fon Handle ID: 0x728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\svgasys.fon Handle ID: 0x6a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuiz.ttf Handle ID: 0x724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..i_italicssupplement_31bf3856ad364e35_10.0.19041.1_none_56130ec247ca84b6\seguili.ttf Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga737.fon Handle ID: 0x700 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga775.fon Handle ID: 0x704 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga850.fon Handle ID: 0x714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga852.fon Handle ID: 0x958 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga855.fon Handle ID: 0x730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga857.fon Handle ID: 0x95c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..i_italicssupplement_31bf3856ad364e35_10.0.19041.1_none_56130ec247ca84b6\seguisbi.ttf Handle ID: 0x710 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga860.fon Handle ID: 0x960 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga861.fon Handle ID: 0x734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga863.fon Handle ID: 0x964 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga865.fon Handle ID: 0x6fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga866.fon Handle ID: 0x968 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga869.fon Handle ID: 0x6f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga932.fon Handle ID: 0x96c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-sylfaen_31bf3856ad364e35_10.0.19041.1_none_149fbfda868baffa\sylfaen.ttf Handle ID: 0x970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga936.fon Handle ID: 0x738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga949.fon Handle ID: 0x978 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga950.fon Handle ID: 0x73c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgaf1255.fon Handle ID: 0x974 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgaf1256.fon Handle ID: 0x6f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-microsoftsansserif_31bf3856ad364e35_10.0.19041.1_none_df0b1258e7682d8a\micross.ttf Handle ID: 0x97c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgaf1257.fon Handle ID: 0x740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafix.fon Handle ID: 0x980 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgaf874.fon Handle ID: 0x6f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafixe.fon Handle ID: 0x984 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafixg.fon Handle ID: 0x98c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafixr.fon Handle ID: 0x990 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vgaoem.fon Handle ID: 0x744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafixt.fon Handle ID: 0x988 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..i_italicssupplement_31bf3856ad364e35_10.0.19041.1_none_56130ec247ca84b6\seguisli.ttf Handle ID: 0x6e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgas1255.fon Handle ID: 0x6ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgas1256.fon Handle ID: 0x994 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgas1257.fon Handle ID: 0x62c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasys.fon Handle ID: 0x99c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgas874.fon Handle ID: 0x6e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasyse.fon Handle ID: 0x998 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuisl.ttf Handle ID: 0x9a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasysg.fon Handle ID: 0x9a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuil.ttf Handle ID: 0x9b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasysr.fon Handle ID: 0x9b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasyst.fon Handle ID: 0x9b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuib.ttf Handle ID: 0x65c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-chs-boot_31bf3856ad364e35_10.0.19041.1_none_8ad4cb82aed2b7dd\chs_boot.ttf Handle ID: 0x71c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-cht-boot_31bf3856ad364e35_10.0.19041.1_none_7407304ac87a067c\cht_boot.ttf Handle ID: 0x9ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32_31bf3856ad364e35_10.0.19041.1_none_221a3861b159743a\apps.inf Handle ID: 0x75c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguisb.ttf Handle ID: 0x840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\defltrdsh.inf Handle ID: 0xaf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\dwup.inf Handle ID: 0xb00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\defltwk.inf Handle ID: 0xb04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\defltbase.inf Handle ID: 0x81c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\dwup-noregkeys.inf Handle ID: 0xb0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguihis.ttf Handle ID: 0xb5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_10.0.19041.1_none_e5bd78301400fdf4\tahomabd.ttf Handle ID: 0xb9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_10.0.19041.1_none_e5bd78301400fdf4\tahoma.ttf Handle ID: 0xba0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-erratamanager_31bf3856ad364e35_10.0.19041.1_none_241785270b375893\errata.inf Handle ID: 0xbac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-registrysettings_31bf3856ad364e35_10.0.19041.1_none_4ba260bf507a307f\fontsetup.inf Handle ID: 0x7d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\puwk.inf Handle ID: 0x904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\rdshup.inf Handle ID: 0x8f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ram-disk-driver_31bf3856ad364e35_10.0.19041.1_none_c051ee891e045c04\ramdisk.inf Handle ID: 0xbdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguiemj.ttf Handle ID: 0x76c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_10.0.19041.1_none_edfeefdf7878f58d\secrecs.inf Handle ID: 0x778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_10.0.19041.1_none_edfeefdf7878f58d\sceregvl.inf Handle ID: 0x92c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_10.0.19041.1_none_5b35da44a9e83608\lagcounterdef.h Handle ID: 0xc34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_10.0.19041.1_none_5b35da44a9e83608\lagcounterdef.ini Handle ID: 0x6d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs_31bf3856ad364e35_10.0.19041.1_none_ca0f264315c5eebb\rasctrnm.h Handle ID: 0xc40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\rasctrnm.h Handle ID: 0x760 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs_31bf3856ad364e35_10.0.19041.1_none_ca0f264315c5eebb\rasctrs.ini Handle ID: 0x754 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_10.0.19041.1_en-us_761f89bd7d6d7bf2\rasctrs.ini Handle ID: 0xc44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.19041.1_none_6dff243ce8767893\baseeapconnectionpropertiesv1.xsd Handle ID: 0xc4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\baseeapmethodconfig.xsd Handle ID: 0xc50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\baseeapmethodusercredentials.xsd Handle ID: 0xc54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.19041.1_none_6dff243ce8767893\baseeapuserpropertiesv1.xsd Handle ID: 0xc58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eapcommon.xsd Handle ID: 0xc5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.19041.1_none_6dff243ce8767893\eapconnectionpropertiesv1.xsd Handle ID: 0xc60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\EapGenericUserCredentials.xsd Handle ID: 0xc64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eaphostconfig.xsd Handle ID: 0xc7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eaphostusercredentials.xsd Handle ID: 0xc84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.19041.1_none_6dff243ce8767893\eapuserpropertiesv1.xsd Handle ID: 0xc88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\eaptlsconnectionpropertiesv2.xsd Handle ID: 0xc8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\eaptlsuserpropertiesv1.xsd Handle ID: 0xc90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\eaptlsconnectionpropertiesv3.xsd Handle ID: 0xc94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\eaptlsconnectionpropertiesv1.xsd Handle ID: 0xc98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mschapv2connectionpropertiesv1.xsd Handle ID: 0xc9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mschapv2userpropertiesv1.xsd Handle ID: 0xca0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mspeapconnectionpropertiesv2.xsd Handle ID: 0xca4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mspeapconnectionpropertiesv3.xsd Handle ID: 0xca8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mspeapconnectionpropertiesv1.xsd Handle ID: 0xcac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mspeapuserpropertiesv1.xsd Handle ID: 0xcb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wrp-integrity-api_31bf3856ad364e35_10.0.19041.1_none_bea9c86a7943c78b\wrpintapi.dll Handle ID: 0xcd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack-msg_31bf3856ad364e35_10.0.19041.1_none_f4907776ca64ee01\CbsMsg.dll Handle ID: 0x730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cbsapi_31bf3856ad364e35_10.0.19041.1_none_0452e0998fc47d6f\CbsApi.dll Handle ID: 0x6b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.19041.1_none_46fe4107ec843c76\TrustedInstaller.exe Handle ID: 0x970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguisym.ttf Handle ID: 0xda4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1_none_6331d348ae4a8fa9\x86_installed Handle ID: 0x1048 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1_none_bf506ecc66a800df\amd64_installed Handle ID: 0xab0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecore-ras-base-vpn_31bf3856ad364e35_10.0.19041.1_none_d24e62087d8454d4\@VpnToastIcon.png Handle ID: 0x1050 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-drvsetup_31bf3856ad364e35_10.0.19041.1_none_13cec30c02f42f59\6bea57fb-8dfb-4177-9ae8-42e8b3529933_RuntimeDeviceInstall.dll Handle ID: 0x1058 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advapi32res_31bf3856ad364e35_10.0.19041.1_none_a7eca47ac0021603\advapi32res.dll Handle ID: 0x1054 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..es-interface-router_31bf3856ad364e35_10.0.19041.1_none_0de7142c1de6b3c2\activeds.tlb Handle ID: 0xab4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\ARP.EXE Handle ID: 0x105c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aero_31bf3856ad364e35_10.0.19041.1_none_61d41f0eb8c71cc4\aero.msstyles Handle ID: 0x1060 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advpack_31bf3856ad364e35_11.0.19041.1_none_95adedd5fd07f242\advpack.dll Handle ID: 0xab8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-attrib_31bf3856ad364e35_10.0.19041.1_none_687f28352b92068b\attrib.exe Handle ID: 0x1068 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\atmlib.dll Handle ID: 0x1064 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-apisetschema-windows_31bf3856ad364e35_10.0.19041.1_none_e01d9d0bfa07ae7e\apisetschema.dll Handle ID: 0x1070 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-atl_31bf3856ad364e35_10.0.19041.1_none_61114d49f90ff362\atl.dll Handle ID: 0x1074 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_10.0.19041.1_none_2cba77a9587eb117\asycfilt.dll Handle ID: 0x1078 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..es-interface-router_31bf3856ad364e35_10.0.19041.1_none_0de7142c1de6b3c2\activeds.dll Handle ID: 0x107c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tingversion-default_31bf3856ad364e35_10.0.19041.1_none_56384c8ae847f6cc\SortDefault.nls Handle ID: 0x1080 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..terface-ldapc-layer_31bf3856ad364e35_10.0.19041.1_none_152381bd05dadff7\adsldpc.dll Handle ID: 0x1084 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-basesrv_31bf3856ad364e35_10.0.19041.1_none_c2bbf8598318544b\basesrv.dll Handle ID: 0x1088 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-configuration-data_31bf3856ad364e35_10.0.19041.1_none_b85d7ef5bf4cc5c7\bcd.dll Handle ID: 0x108c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..tiondata-com-server_31bf3856ad364e35_10.0.19041.1_none_959469660419d0bf\bcdsrv.dll Handle ID: 0xac4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_10.0.19041.1_none_a47da0f08ec32f0a\bcrypt.dll Handle ID: 0x1094 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-strings_31bf3856ad364e35_10.0.19041.1_none_ae731d30ac4be0f7\bootstr.dll Handle ID: 0xac8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..on-authui-component_31bf3856ad364e35_10.0.19041.1_none_92c85869af354084\authui.dll Handle ID: 0x109c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootvid_31bf3856ad364e35_10.0.19041.1_none_ee6a88fd2591e316\BOOTVID.DLL Handle ID: 0x10a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ment-bootsectortool_31bf3856ad364e35_10.0.19041.1_none_c27f721834e813f5\bootsect.exe Handle ID: 0x10a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..entication-usermode_31bf3856ad364e35_10.0.19041.1_none_f012d0b713b1f299\authz.dll Handle ID: 0x10ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcdboot-cmdlinetool_31bf3856ad364e35_10.0.19041.1_none_1746f218dd81ed09\bcdboot.exe Handle ID: 0x10b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_10.0.19041.1_none_c2078a8db9a59aef\bootcfg.exe Handle ID: 0x10b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-browseui_31bf3856ad364e35_10.0.19041.1_none_e6d3ef3685b35397\browseui.dll Handle ID: 0x10b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-browserservice-netapi_31bf3856ad364e35_10.0.19041.1_none_e37e715d37185736\browcli.dll Handle ID: 0x10bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..ence-inventory-core_31bf3856ad364e35_10.0.19041.1_none_14c4e11698bd57a7\aepic.dll Handle ID: 0x10c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-capisp-dll_31bf3856ad364e35_10.0.19041.1_none_87f94d6adca395fc\capisp.dll Handle ID: 0x10c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aclui_31bf3856ad364e35_10.0.19041.1_none_0afb6ba153044137\aclui.dll Handle ID: 0x10c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cabapi_31bf3856ad364e35_10.0.19041.1_none_139681c37af5e1d9\cabapi.dll Handle ID: 0x10cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cfmifs_31bf3856ad364e35_10.0.19041.1_none_a611e291f8627f2d\cfmifs.dll Handle ID: 0x10d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cfmifs_31bf3856ad364e35_10.0.19041.1_none_a611e291f8627f2d\cfmifsproxy.dll Handle ID: 0x1090 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\chcp.com Handle ID: 0xad4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cabinet_31bf3856ad364e35_10.0.19041.1_none_ed305ea081493ac1\cabinet.dll Handle ID: 0xac0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.19041.1_none_ceb3891c2721fc43\chkntfs.exe Handle ID: 0xabc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-chkdsk_31bf3856ad364e35_10.0.19041.1_none_77d767642c0e040b\chkdsk.exe Handle ID: 0xad8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-chkwudrv_31bf3856ad364e35_10.0.19041.1_none_3d0cf44cd5467f9b\chkwudrv.dll Handle ID: 0xad0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advapi32_31bf3856ad364e35_10.0.19041.1_none_99395f2e25df3f2b\advapi32.dll Handle ID: 0xacc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.1_none_aa1fc2e87b362d12\clb.dll Handle ID: 0x106c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_10.0.19041.1_none_c82286e8b667d357\bcryptprimitives.dll Handle ID: 0x10a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-brokerbase_31bf3856ad364e35_10.0.19041.1_none_3969b2710b053055\BrokerLib.dll Handle ID: 0xae0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..utilitylibrariesext_31bf3856ad364e35_10.0.19041.1_none_26f4f0a946ac539a\cmdext.dll Handle ID: 0x10d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1_none_52c6583f47afba7a\cnvfat.dll Handle ID: 0x10d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-ole_31bf3856ad364e35_10.0.19041.1_none_ac20fe64570bc53f\comcat.dll Handle ID: 0xae4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_10.0.19041.1_none_cd1a3bc29e2594be\cmifw.dll Handle ID: 0x10e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.1_none_61b9a62282ea4bf7\cdd.dll Handle ID: 0xae8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.19041.1_none_f952033afd5152f9\cfgmgr32.dll Handle ID: 0x10e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_10.0.19041.1_none_e2a1e85b858f5f9e\comres.dll Handle ID: 0x10e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-compact_31bf3856ad364e35_10.0.19041.1_none_afe6484e54f00fd0\compact.exe Handle ID: 0x10ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_10.0.19041.1_none_3e1c0a49448926c6\bcdedit.exe Handle ID: 0x10f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_10.0.19041.1_none_7d3387d217cafb37\adtschema.dll Handle ID: 0x10f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_10.0.19041.1_none_40fdd440b9ba0fea\cmd.exe Handle ID: 0x10fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1_none_52c6583f47afba7a\convert.exe Handle ID: 0x10f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-console-host-propsheet_31bf3856ad364e35_10.0.19041.1_none_d3c96faebd0ccc7e\console.dll Handle ID: 0xaf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_10.0.19041.1_none_8d6ec2ffdc050ea1\certcli.dll Handle ID: 0x1100 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.1_none_80ac2d61ac960bf3\CredentialUIBroker.exe Handle ID: 0xaf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ov2fahelper-library_31bf3856ad364e35_10.0.19041.1_none_66b82f27f4cd177d\CredProv2faHelper.dll Handle ID: 0x1104 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_10.0.19041.1_none_a353adcda7cf69e6\convertvhd.exe Handle ID: 0x1108 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-consolehostv1_31bf3856ad364e35_10.0.19041.1_none_f49bb5365975ebb7\ConhostV1.dll Handle ID: 0xaf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-credui-onecore_31bf3856ad364e35_10.0.19041.1_none_3146ea64c3238619\credui.dll Handle ID: 0x110c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1_none_97e4facd611ea96a\autochk.exe Handle ID: 0x1110 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-winpe_31bf3856ad364e35_10.0.19041.1_none_9bfa2f37b63d1ea6\BFE.DLL Handle ID: 0x1114 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-coml2_31bf3856ad364e35_10.0.19041.1_none_d3ae61841d552f16\coml2.dll Handle ID: 0x1118 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1_none_52c6583f47afba7a\autoconv.exe Handle ID: 0x111c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptdlg-dll_31bf3856ad364e35_10.0.19041.1_none_d8796aa5b7739615\cryptdlg.dll Handle ID: 0x1120 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_10.0.19041.1_none_1b56e2fc4d577db0\cryptbase.dll Handle ID: 0x1124 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..iderslegacy-library_31bf3856ad364e35_10.0.19041.1_none_125e3189c56b833d\credprovslegacy.dll Handle ID: 0x1128 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptdll-dll_31bf3856ad364e35_10.0.19041.1_none_bb8f936a4d22f7a0\cryptdll.dll Handle ID: 0x1130 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptext-dll_31bf3856ad364e35_10.0.19041.1_none_b583d03eb516a763\cryptext.dll Handle ID: 0x112c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptcatsvc-dll_31bf3856ad364e35_10.0.19041.1_none_65a0b6af927c65ce\cryptcatsvc.dll Handle ID: 0x1134 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptsp-dll_31bf3856ad364e35_10.0.19041.1_none_df4e7b90a62a08e3\cryptsp.dll Handle ID: 0x1138 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-consolelogon-library_31bf3856ad364e35_10.0.19041.1_none_3b45bfdcc65513d5\ConsoleLogon.dll Handle ID: 0x113c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_10.0.19041.1_none_0ed4f15b837334c7\csrss.exe Handle ID: 0x1140 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..services-certca-dll_31bf3856ad364e35_10.0.19041.1_none_b9df7be4896b96e8\certca.dll Handle ID: 0xb0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_037.NLS Handle ID: 0x1144 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_10.0.19041.1_none_7f78448944bb2844\csrsrv.dll Handle ID: 0x1148 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_10.0.19041.1_none_5668fec1a41d6ac1\ci.dll Handle ID: 0x114c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemeventsbroker_31bf3856ad364e35_10.0.19041.1_none_7e925158dcd948ee\CSystemEventsBrokerClient.dll Handle ID: 0xb14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10000.NLS Handle ID: 0xb10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptnet-dll_31bf3856ad364e35_10.0.19041.1_none_cd0a4e9d9b333fbf\cryptnet.dll Handle ID: 0x1150 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_10.0.19041.1_none_2bf0a6e83a2cd464\cryptsvc.dll Handle ID: 0x1154 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10004.NLS Handle ID: 0xb18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-credprovhost-library_31bf3856ad364e35_10.0.19041.1_none_696eaa2dcd7e92b6\credprovhost.dll Handle ID: 0x1158 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..alproviders-library_31bf3856ad364e35_10.0.19041.1_none_420c0d9efb7b6808\credprovs.dll Handle ID: 0x115c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10005.NLS Handle ID: 0xadc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10006.NLS Handle ID: 0xb1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10007.NLS Handle ID: 0x1164 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptxml_31bf3856ad364e35_10.0.19041.1_none_04f27d56494ec1f6\cryptxml.dll Handle ID: 0xb08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10010.NLS Handle ID: 0xb20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10017.NLS Handle ID: 0x1168 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10021.NLS Handle ID: 0x116c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10029.NLS Handle ID: 0x1170 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10079.NLS Handle ID: 0xb24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10081.NLS Handle ID: 0x1174 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10001.NLS Handle ID: 0x1178 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10002.NLS Handle ID: 0x117c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32_31bf3856ad364e35_10.0.19041.1_none_6ba21f2545051a20\comdlg32.dll Handle ID: 0xb28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1026.NLS Handle ID: 0x1180 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10082.NLS Handle ID: 0x1184 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1047.NLS Handle ID: 0x1188 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1140.NLS Handle ID: 0x118c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1141.NLS Handle ID: 0x1194 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1142.NLS Handle ID: 0x1190 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1143.NLS Handle ID: 0x1198 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1144.NLS Handle ID: 0xb30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1145.NLS Handle ID: 0x11a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1146.NLS Handle ID: 0x119c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10008.NLS Handle ID: 0xb34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1147.NLS Handle ID: 0x11a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1148.NLS Handle ID: 0x11a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1149.NLS Handle ID: 0x1160 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1250.NLS Handle ID: 0x81c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10003.NLS Handle ID: 0xb2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1251.NLS Handle ID: 0xb04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1252.NLS Handle ID: 0x11b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1253.NLS Handle ID: 0xaec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1254.NLS Handle ID: 0xb00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1255.NLS Handle ID: 0xb3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1256.NLS Handle ID: 0xb38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1257.NLS Handle ID: 0x11ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1258.NLS Handle ID: 0x11b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.1_none_238750f3c392980f\conhost.exe Handle ID: 0xb44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20105.NLS Handle ID: 0xafc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20106.NLS Handle ID: 0x11b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20107.NLS Handle ID: 0x11bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20127.NLS Handle ID: 0x11c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20269.NLS Handle ID: 0x11c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20000.NLS Handle ID: 0x11cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20108.NLS Handle ID: 0x11d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20002.NLS Handle ID: 0x11d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..rcluster-clientcore_31bf3856ad364e35_10.0.19041.1_none_473895efd7bd22ae\clusapi.dll Handle ID: 0x11d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ovdatamodel-library_31bf3856ad364e35_10.0.19041.1_none_643d9932f66c8c3f\CredProvDataModel.dll Handle ID: 0x11dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20273.NLS Handle ID: 0x11e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20001.NLS Handle ID: 0xb48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20277.NLS Handle ID: 0xb4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20261.NLS Handle ID: 0xb40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20278.NLS Handle ID: 0x11c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20003.NLS Handle ID: 0xb54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20280.NLS Handle ID: 0x11e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20284.NLS Handle ID: 0xb50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20004.NLS Handle ID: 0xb58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1361.NLS Handle ID: 0x11ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20285.NLS Handle ID: 0x11e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20005.NLS Handle ID: 0x11f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20290.NLS Handle ID: 0xb5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20297.NLS Handle ID: 0xb60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20420.NLS Handle ID: 0x11f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20423.NLS Handle ID: 0x11f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptui-dll_31bf3856ad364e35_10.0.19041.1_none_3bdf68e23780d992\cryptui.dll Handle ID: 0x11fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20424.NLS Handle ID: 0xb64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20833.NLS Handle ID: 0x1200 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20838.NLS Handle ID: 0x1208 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20866.NLS Handle ID: 0x1210 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20871.NLS Handle ID: 0x1214 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20880.NLS Handle ID: 0x1218 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20905.NLS Handle ID: 0x121c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20924.NLS Handle ID: 0x1204 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_21025.NLS Handle ID: 0x1220 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_21027.NLS Handle ID: 0x1224 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_21866.NLS Handle ID: 0x1228 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28591.NLS Handle ID: 0x122c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28592.NLS Handle ID: 0x1230 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28593.NLS Handle ID: 0x1234 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28594.NLS Handle ID: 0x1238 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28595.NLS Handle ID: 0x123c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28596.NLS Handle ID: 0x1240 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28597.NLS Handle ID: 0x1244 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28598.NLS Handle ID: 0x1248 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28599.NLS Handle ID: 0x124c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\c_28603.nls Handle ID: 0x1250 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28605.NLS Handle ID: 0xb74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_437.NLS Handle ID: 0xb70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_500.NLS Handle ID: 0xb6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_708.NLS Handle ID: 0xb68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_720.NLS Handle ID: 0x120c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20932.NLS Handle ID: 0xb80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_737.NLS Handle ID: 0xb7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_775.NLS Handle ID: 0xb78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_850.NLS Handle ID: 0xb84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20936.NLS Handle ID: 0x1254 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_852.NLS Handle ID: 0x1258 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_855.NLS Handle ID: 0xb88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_857.NLS Handle ID: 0x125c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_858.NLS Handle ID: 0x1260 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_860.NLS Handle ID: 0x1264 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_861.NLS Handle ID: 0xb8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_862.NLS Handle ID: 0x126c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_863.NLS Handle ID: 0x1268 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_864.NLS Handle ID: 0xb90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_865.NLS Handle ID: 0x1270 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_866.NLS Handle ID: 0x1278 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_869.NLS Handle ID: 0x127c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_870.NLS Handle ID: 0xb94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_874.NLS Handle ID: 0x1274 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_875.NLS Handle ID: 0x1280 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20949.NLS Handle ID: 0x1284 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\c_GSM7.DLL Handle ID: 0xb98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_ISCII.DLL Handle ID: 0x1288 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_IS2022.DLL Handle ID: 0xb9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..opactivitybrokerapi_31bf3856ad364e35_10.0.19041.1_none_3378fa68ed04027b\dabapi.dll Handle ID: 0xba0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_936.NLS Handle ID: 0x128c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webdavredir-helper_31bf3856ad364e35_10.0.19041.1_none_ea8fc0989dcc16c5\davhlpr.dll Handle ID: 0x1290 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_G18030.DLL Handle ID: 0x1294 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_950.NLS Handle ID: 0xba4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_932.NLS Handle ID: 0x129c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_949.NLS Handle ID: 0x1298 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-desktopactivitybroker_31bf3856ad364e35_10.0.19041.1_none_8db60060e17b72c7\dab.dll Handle ID: 0xba8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\dciman32.dll Handle ID: 0x12a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_10.0.19041.1_none_ce4f7609576a21a4\defragres.dll Handle ID: 0x12a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-debugcore_31bf3856ad364e35_10.0.19041.1_none_b2617c97eac94a9d\dbgcore.dll Handle ID: 0xbb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_10.0.19041.1_none_ce4f7609576a21a4\defragproxy.dll Handle ID: 0x12ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-devicecensus_31bf3856ad364e35_10.0.19041.1_none_65637d0d99e451f6\DeviceCensus.exe Handle ID: 0x12b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcpcmonitor_31bf3856ad364e35_10.0.19041.1_none_8bf062a40a113c29\dhcpcmonitor.dll Handle ID: 0x12b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dfsclient-netapi_31bf3856ad364e35_10.0.19041.1_none_168d48d3cfd5261b\dfscli.dll Handle ID: 0x12b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.19041.1_none_f952033afd5152f9\devrtl.dll Handle ID: 0x12bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.19041.1_none_22e5bf11f8683e9a\dhcpcsvc6.dll Handle ID: 0x12c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deviceupdateagent_31bf3856ad364e35_10.0.19041.1_none_0e74f8fe5c3e60f7\DeviceUpdateAgent.dll Handle ID: 0xbb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.19041.1_none_22e5bf11f8683e9a\dhcpcsvc.dll Handle ID: 0xbb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.19041.1_none_f952033afd5152f9\devobj.dll Handle ID: 0x12c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\diagnosticdataquery.dll Handle ID: 0x12c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..authfactor-credprov_31bf3856ad364e35_10.0.19041.1_none_9e1ed363edf61543\devicengccredprov.dll Handle ID: 0x12cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.19041.1_none_22e5bf11f8683e9a\dhcpcore6.dll Handle ID: 0xbbc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.19041.1_none_1ec972de354a6d3f\diskpart.exe Handle ID: 0x12d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-surrogate-core_31bf3856ad364e35_10.0.19041.1_none_eadb9d8875f59863\dllhost.exe Handle ID: 0xbc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_10.0.19041.1_none_fa14fc3992df87f1\dllhst3g.exe Handle ID: 0x12d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.19041.1_none_22e5bf11f8683e9a\dhcpcore.dll Handle ID: 0x12e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client_31bf3856ad364e35_10.0.19041.1_none_97d38a6121b6e9e6\dnscacheugc.exe Handle ID: 0x12e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\doskey.exe Handle ID: 0x7ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapi-dll_31bf3856ad364e35_10.0.19041.1_none_2dd56991b1dc1578\dpapi.dll Handle ID: 0x12dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_10.0.19041.1_none_ce4f7609576a21a4\defragsvc.dll Handle ID: 0x12e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ervicing-management_31bf3856ad364e35_10.0.19041.1_none_149ab09bad09f1c1\Dism.exe Handle ID: 0x12ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskraid_31bf3856ad364e35_10.0.19041.1_none_1b7ab1943757b81e\diskraid.exe Handle ID: 0xbc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-difxapi_31bf3856ad364e35_10.0.19041.1_none_be34ab12358fa2d8\difxapi.dll Handle ID: 0x12f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_10.0.19041.1_none_1160cf5f7d314d55\crypt32.dll Handle ID: 0x12f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.19041.1_none_33c3e07f6cce5a52\dpapimig.exe Handle ID: 0xbc8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe-drvload_31bf3856ad364e35_10.0.19041.1_none_4209d7c08f4e598d\drvload.exe Handle ID: 0x12f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.19041.1_none_4c13d8f934672657\driverquery.exe Handle ID: 0x12fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..oryservices-dsparse_31bf3856ad364e35_10.0.19041.1_none_0608d44b21a515d1\dsparse.dll Handle ID: 0x1300 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dssetupcli_31bf3856ad364e35_10.0.19041.1_none_af2b2ecc57fe1a99\dsrole.dll Handle ID: 0xbcc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-drvsetup_31bf3856ad364e35_10.0.19041.1_none_13cec30c02f42f59\drvsetup.dll Handle ID: 0x12d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directmanipulation_31bf3856ad364e35_10.0.19041.1_none_030d256540eba4b7\directmanipulation.dll Handle ID: 0x1304 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapisrv-dll_31bf3856ad364e35_10.0.19041.1_none_c9a5571e5b3fffc7\dpapisrv.dll Handle ID: 0xbd0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1_none_f61301ca804606c1\DbgModel.dll Handle ID: 0x1308 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-devicecensus_31bf3856ad364e35_10.0.19041.1_none_65637d0d99e451f6\dcntel.dll Handle ID: 0x130c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.19041.1_none_4b7cc143c2832061\dnsrslvr.dll Handle ID: 0x1310 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_10.0.19041.1_none_403af5649d7b9685\Eap3Host.exe Handle ID: 0x7a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-drvinst_31bf3856ad364e35_10.0.19041.1_none_0b4eeb140948562c\drvinst.exe Handle ID: 0x1314 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-graphics-wdi_31bf3856ad364e35_10.0.19041.1_none_bee26a44319e1493\dxgwdi.dll Handle ID: 0x131c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_10.0.19041.1_none_f1e9c907244233d1\dssenh.dll Handle ID: 0x1320 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_10.0.19041.1_none_95fff210df5ae16f\dwmapi.dll Handle ID: 0x1324 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eappgnui.dll Handle ID: 0x1328 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eappprxy.dll Handle ID: 0x132c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eappcfg.dll Handle ID: 0x1330 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.19041.1_none_4b7cc143c2832061\dnsapi.dll Handle ID: 0x1334 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eappcfgui_31bf3856ad364e35_10.0.19041.1_none_444dbed03b2a15c1\eappcfgui.dll Handle ID: 0x7a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eapp3hst.dll Handle ID: 0x1338 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_10.0.19041.1_none_1fcfa3b2d46561c6\dpx.dll Handle ID: 0x7a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-raschap_31bf3856ad364e35_10.0.19041.1_none_70e1de7eb854e747\eapprovp.dll Handle ID: 0x1318 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_10.0.19041.1_none_403af5649d7b9685\eapsvc.dll Handle ID: 0x7b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapprivateutil_31bf3856ad364e35_10.0.19041.1_none_ae1989077ff9e7e0\eapputil.dll Handle ID: 0x1340 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eapphost.dll Handle ID: 0x1344 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-duser_31bf3856ad364e35_10.0.19041.1_none_1065bbcc9bd80874\duser.dll Handle ID: 0x7bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-service_31bf3856ad364e35_10.0.19041.1_none_0c35d18ac419dd97\efssvc.dll Handle ID: 0x1348 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapteap_31bf3856ad364e35_10.0.19041.1_none_d7a48831f8fa235d\EapTeapAuth.dll Handle ID: 0x133c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-util-library_31bf3856ad364e35_10.0.19041.1_none_fd0a6eeb422c1af6\efsutil.dll Handle ID: 0x1350 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapteap_31bf3856ad364e35_10.0.19041.1_none_d7a48831f8fa235d\EapTeapConfig.dll Handle ID: 0x7c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-lsa-extension_31bf3856ad364e35_10.0.19041.1_none_7f2b71ce5454a4a2\efslsaext.dll Handle ID: 0x1354 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vss-eventcls_31bf3856ad364e35_10.0.19041.1_none_985100fe9e8acd26\eventcls.dll Handle ID: 0x134c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..lestorageengine-vss_31bf3856ad364e35_10.0.19041.1_none_6e7b8e97f7444bd4\esevss.dll Handle ID: 0x8dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_10.0.19041.1_none_a3b278e42f5b405a\f3ahvoas.dll Handle ID: 0x1358 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventaggregation_31bf3856ad364e35_10.0.19041.1_none_63a798d6bc80e6c3\EventAggregation.dll Handle ID: 0x1360 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-expand_31bf3856ad364e35_10.0.19041.1_none_0e6389fff73df783\expand.exe Handle ID: 0x135c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..sedwritefilter-util_31bf3856ad364e35_10.0.19041.1_none_e87e01a9005f1ae6\fbwflib.dll Handle ID: 0x8d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-etw-ese_31bf3856ad364e35_10.0.19041.1_none_854be02225b9bfa7\ETWESEProviderResources.dll Handle ID: 0x1364 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..cing-management-api_31bf3856ad364e35_10.0.19041.1_none_5cb2e5e4fea9a8fe\DismApi.dll Handle ID: 0x1368 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\find.exe Handle ID: 0x136c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\finger.exe Handle ID: 0x8d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.1_none_613e4ed2b91d35a0\fixmapi.exe Handle ID: 0x1370 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.0.19041.1_none_318632b596bb9495\edgeIso.dll Handle ID: 0x1374 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.19041.1_none_cf7ec085c4b5345c\fltLib.dll Handle ID: 0x137c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-debughelp_31bf3856ad364e35_10.0.19041.1_none_ae3da599ed690c93\dbghelp.dll Handle ID: 0x8d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..eatureconfiguration_31bf3856ad364e35_10.0.19041.1_none_0dd6db73600c7ea8\fcon.dll Handle ID: 0x1378 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.19041.1_none_cf7ec085c4b5345c\fltMC.exe Handle ID: 0x1380 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_10.0.19041.1_none_8f7cfa81649ea7a8\esentutl.exe Handle ID: 0x8cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-feclient_31bf3856ad364e35_10.0.19041.1_none_74cb1eaef6f25b5b\feclient.dll Handle ID: 0x1384 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-drvstore_31bf3856ad364e35_10.0.19041.1_none_a6e562aee2e2b404\drvstore.dll Handle ID: 0x1388 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fmifs_31bf3856ad364e35_10.0.19041.1_none_0cff7f08d0f4bc40\fmifs.dll Handle ID: 0x138c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-format_31bf3856ad364e35_10.0.19041.1_none_dc79f03629571954\format.com Handle ID: 0x8c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..utilitylibrariesext_31bf3856ad364e35_10.0.19041.1_none_26f4f0a946ac539a\fsutilext.dll Handle ID: 0x1390 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1_none_25f82a25dc26d7b4\Faultrep.dll Handle ID: 0x1398 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.1_none_c3df43fac5e304be\combase.dll Handle ID: 0x1394 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms_31bf3856ad364e35_10.0.19041.1_none_fdc3c32153adba41\fms.dll Handle ID: 0x8c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\fontsub.dll Handle ID: 0x13a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ftp_31bf3856ad364e35_10.0.19041.1_none_62dc6b73f7e78431\ftp.exe Handle ID: 0x13a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ertificates-utility_31bf3856ad364e35_10.0.19041.1_none_3eeeb9b5ca0761f9\fvecerts.dll Handle ID: 0x13ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.19041.1_none_825521fc8f4a22ac\fsutil.exe Handle ID: 0x13b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\FwRemoteSvr.dll Handle ID: 0x13b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\fwbase.dll Handle ID: 0x13b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\FirewallAPI.dll Handle ID: 0x13a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\fwpolicyiomgr.dll Handle ID: 0x13bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-gmsaclient-library_31bf3856ad364e35_10.0.19041.1_none_e1af1394fbed9887\gmsaclient.dll Handle ID: 0x13c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi32_31bf3856ad364e35_10.0.19041.1_none_0f6fb77fe8af11e6\gdi32.dll Handle ID: 0x13c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hal_31bf3856ad364e35_10.0.19041.1_none_611a0027f907bdd0\hal.dll Handle ID: 0x13c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_10.0.19041.1_none_de146f6286602c80\gpapi.dll Handle ID: 0x13d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_10.0.19041.1_none_eacbb36c917c7f4d\fveapibase.dll Handle ID: 0x13dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\HOSTNAME.EXE Handle ID: 0x13e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hid-dll_31bf3856ad364e35_10.0.19041.1_none_7e9f4780b1a81d85\hid.dll Handle ID: 0x8b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hid-user_31bf3856ad364e35_10.0.19041.1_none_8c9d55f126cc2eb2\hidserv.dll Handle ID: 0x8b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-http-api_31bf3856ad364e35_10.0.19041.1_none_ab9d4a833ca9604e\httpapi.dll Handle ID: 0x13e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-icacls_31bf3856ad364e35_10.0.19041.1_none_e8a5ac944557b7d6\icacls.exe Handle ID: 0x8ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hyperv-hvsocketapi_31bf3856ad364e35_10.0.19041.1_none_d977aa97a88f54f6\HvSocket.dll Handle ID: 0x13ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_10.0.19041.1_none_a061f8693aabb18d\icmp.dll Handle ID: 0x13e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dui70_31bf3856ad364e35_10.0.19041.1_none_0da5bd549d784d72\dui70.dll Handle ID: 0x774 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-core-library_31bf3856ad364e35_10.0.19041.1_none_0c92f10936e8155b\efscore.dll Handle ID: 0x13f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-nlsdownleveldll_31bf3856ad364e35_10.0.19041.1_none_be9a10dff760abf5\idndl.dll Handle ID: 0x13f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-winpe_31bf3856ad364e35_10.0.19041.1_none_9bfa2f37b63d1ea6\FWPUCLNT.DLL Handle ID: 0x13fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ifsutilx_31bf3856ad364e35_10.0.19041.1_none_293ad13c931df983\ifsutilx.dll Handle ID: 0x8bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-flighting-settings_31bf3856ad364e35_10.0.19041.1_none_3ec7617e8e74a51b\FlightSettings.dll Handle ID: 0x13f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasifmon_31bf3856ad364e35_10.0.19041.1_none_80c0d7568c8c0652\ifmon.dll Handle ID: 0x8b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\icfupgd.dll Handle ID: 0x8c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\fontdrvhost.exe Handle ID: 0x8a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coreos_31bf3856ad364e35_10.0.19041.1_none_db4353caddaecdb2\imagehlp.dll Handle ID: 0x770 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_10.0.19041.1_none_9f87655b8f0ae013\ifsutil.dll Handle ID: 0x1404 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_10.0.19041.1_none_eacbb36c917c7f4d\fveapi.dll Handle ID: 0x77c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-legacyshim_31bf3856ad364e35_10.0.19041.1_none_e9ed9af439d88562\imapi.dll Handle ID: 0x1408 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.19041.1_none_228591433b6cf074\InfDefaultInstall.exe Handle ID: 0x140c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imm32_31bf3856ad364e35_10.0.19041.1_none_12472b9a19c8837d\imm32.dll Handle ID: 0x1414 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imagesp1-embedded_31bf3856ad364e35_10.0.19041.1_none_95bcfbbdb093b9a5\imagesp1.dll Handle ID: 0x784 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-snmp-inetmib1-raw-file_31bf3856ad364e35_10.0.19041.1_none_d88e1d2b76022297\inetmib1.dll Handle ID: 0x1418 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.19041.1_none_022afe83b74c28cc\ipconfig.exe Handle ID: 0x1410 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi32full_31bf3856ad364e35_10.0.19041.1_none_0bdc80f3c6a07dbf\gdi32full.dll Handle ID: 0x141c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..-joinprovideronline_31bf3856ad364e35_10.0.19041.1_none_0c153bf6c1374321\joinproviderol.dll Handle ID: 0x1420 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..rm-libraries-minwin_31bf3856ad364e35_10.0.19041.1_none_55a3f83b105b09e4\IPHLPAPI.DLL Handle ID: 0x1428 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..se_standard_101_key_31bf3856ad364e35_10.0.19041.1_none_bf5f54a6b766759a\kbd101.dll Handle ID: 0x78c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..tprovision-joinutil_31bf3856ad364e35_10.0.19041.1_none_2b1450a61f89026d\joinutil.dll Handle ID: 0x142c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.19041.1_none_ebcb7bd9ac0a7638\jsproxy.dll Handle ID: 0x1424 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..eyboard-korean_101a_31bf3856ad364e35_10.0.19041.1_none_3bb7a99fb9fae71c\kbd101a.dll Handle ID: 0x790 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..eyboard-korean_101b_31bf3856ad364e35_10.0.19041.1_none_3bb792d7b9fb00bd\kbd101b.dll Handle ID: 0x1430 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..eyboard-korean_101c_31bf3856ad364e35_10.0.19041.1_none_3bb77c0fb9fb1a5e\kbd101c.dll Handle ID: 0x1434 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..keyboard-korean_103_31bf3856ad364e35_10.0.19041.1_none_6d35f748424d3427\kbd103.dll Handle ID: 0x1438 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_10.0.19041.1_none_92f877f6b2f8f621\kbd106.dll Handle ID: 0x794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_10.0.19041.1_none_92f877f6b2f8f621\kbd106n.dll Handle ID: 0x1440 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000401_31bf3856ad364e35_10.0.19041.1_none_9d3331cf03954005\KBDA1.DLL Handle ID: 0x143c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020401_31bf3856ad364e35_10.0.19041.1_none_e36fb9e0e8b77a77\KBDA3.DLL Handle ID: 0x7e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010401_31bf3856ad364e35_10.0.19041.1_none_405175d7f6265d3e\KBDA2.DLL Handle ID: 0x1444 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00140c00_31bf3856ad364e35_10.0.19041.1_none_129c2d22e79fa5fa\KBDADLM.DLL Handle ID: 0x1448 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..sframework-inputdll_31bf3856ad364e35_10.0.19041.1_none_1288003764b2fafd\input.dll Handle ID: 0x144c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041c_31bf3856ad364e35_10.0.19041.1_none_b35f8202f5543c04\KBDAL.DLL Handle ID: 0x7e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042b_31bf3856ad364e35_10.0.19041.1_none_b2ede40cf59d511e\KBDARME.DLL Handle ID: 0x1450 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002042b_31bf3856ad364e35_10.0.19041.1_none_f92a6c1edabf8b90\kbdarmph.dll Handle ID: 0x1454 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directwrite_31bf3856ad364e35_10.0.19041.1_none_888e7ca59ecc962f\DWrite.dll Handle ID: 0x1458 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0003042b_31bf3856ad364e35_10.0.19041.1_none_9c48b027cd50a8c9\kbdarmty.dll Handle ID: 0x768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001042b_31bf3856ad364e35_10.0.19041.1_none_560c2815e82e6e57\KBDARMW.DLL Handle ID: 0x1460 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..panese_ax2_keyboard_31bf3856ad364e35_10.0.19041.1_none_7298bbb46b5f72cd\kbdax2.dll Handle ID: 0x145c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000082c_31bf3856ad364e35_10.0.19041.1_none_b3636c62f550bb01\KBDAZE.DLL Handle ID: 0x8a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base_31bf3856ad364e35_10.0.19041.1_none_78fb7d69b1ff3ee7\imapi2.dll Handle ID: 0x1464 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001042c_31bf3856ad364e35_10.0.19041.1_none_567daf43e7e572de\KBDAZST.DLL Handle ID: 0x146c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042c_31bf3856ad364e35_10.0.19041.1_none_b35f6b3af55455a5\KBDAZEL.DLL Handle ID: 0x1470 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000046d_31bf3856ad364e35_10.0.19041.1_none_b3d09748f50bc0b0\KBDBASH.DLL Handle ID: 0x1468 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdbe_31bf3856ad364e35_10.0.19041.1_none_2ccd8031b8e94048\KBDBE.DLL Handle ID: 0x89c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001080c_31bf3856ad364e35_10.0.19041.1_none_5681ddfbe7e1a4f8\KBDBENE.DLL Handle ID: 0x1474 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020402_31bf3856ad364e35_10.0.19041.1_none_e3e1410ee86e7efe\KBDBGPH.DLL Handle ID: 0x898 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040402_31bf3856ad364e35_10.0.19041.1_none_2a1dc920cd90b970\KBDBGPH1.DLL Handle ID: 0x1478 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000201a_31bf3856ad364e35_10.0.19041.1_none_b262d2a6f5fa057c\KBDBHC.DLL Handle ID: 0x147c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000423_31bf3856ad364e35_10.0.19041.1_none_9e16129b03037c55\KBDBLR.DLL Handle ID: 0x1484 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdbr_31bf3856ad364e35_10.0.19041.1_none_2c40f135b952ab85\KBDBR.DLL Handle ID: 0x1480 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000402_31bf3856ad364e35_10.0.19041.1_none_9da4b8fd034c448c\KBDBU.DLL Handle ID: 0x894 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000b0c00_31bf3856ad364e35_10.0.19041.1_none_78da01f6640b9799\KBDBUG.DLL Handle ID: 0x1488 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030402_31bf3856ad364e35_10.0.19041.1_none_86ff8517daff9c37\KBDBULG.DLL Handle ID: 0x890 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00001009_31bf3856ad364e35_10.0.19041.1_none_a0b09a2b01591ad2\KBDCA.DLL Handle ID: 0x148c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00011009_31bf3856ad364e35_10.0.19041.1_none_43cede33f3ea380b\KBDCAN.DLL Handle ID: 0x1490 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000045c_31bf3856ad364e35_10.0.19041.1_none_b35f26e2f554a288\KBDCHER.DLL Handle ID: 0x1494 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdcr_31bf3856ad364e35_10.0.19041.1_none_2cb27863b909b00c\KBDCR.DLL Handle ID: 0x88c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000405_31bf3856ad364e35_10.0.19041.1_none_9ef94e8702715221\KBDCZ.DLL Handle ID: 0x1498 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010405_31bf3856ad364e35_10.0.19041.1_none_4217928ff5026f5a\KBDCZ1.DLL Handle ID: 0x149c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001045c_31bf3856ad364e35_10.0.19041.1_none_567d6aebe7e5bfc1\KBDCHERP.DLL Handle ID: 0x14a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000406_31bf3856ad364e35_10.0.19041.1_none_9f6ad5b5022856a8\KBDDA.DLL Handle ID: 0x888 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020405_31bf3856ad364e35_10.0.19041.1_none_e535d698e7938c93\KBDCZ2.DLL Handle ID: 0x14a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000465_31bf3856ad364e35_10.0.19041.1_none_9ef8c5d70271ebe7\KBDDIV1.DLL Handle ID: 0x14a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010465_31bf3856ad364e35_10.0.19041.1_none_421709dff5030920\KBDDIV2.DLL Handle ID: 0x884 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010409_31bf3856ad364e35_10.0.19041.1_none_43ddaf47f3de8176\KBDDV.DLL Handle ID: 0x14ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000c51_31bf3856ad364e35_10.0.19041.1_none_9d61cd7d036b6723\KBDDZO.DLL Handle ID: 0x14b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001040a_31bf3856ad364e35_10.0.19041.1_none_559ace77e877368e\KBDES.DLL Handle ID: 0x14b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000429_31bf3856ad364e35_10.0.19041.1_none_a0bf3daf014d977f\KBDFA.DLL Handle ID: 0x880 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00050429_31bf3856ad364e35_10.0.19041.1_none_d05691dbbe23299c\kbdfar.dll Handle ID: 0x14b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000425_31bf3856ad364e35_10.0.19041.1_none_9ef920f702718563\KBDEST.DLL Handle ID: 0x14bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000c0c_31bf3856ad364e35_10.0.19041.1_none_b38ea660f529c95c\KBDFC.DLL Handle ID: 0x14c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040b_31bf3856ad364e35_10.0.19041.1_none_b2ee119cf59d1ddc\KBDFI.DLL Handle ID: 0x14c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-keyboard-kbdfi1_31bf3856ad364e35_10.0.19041.1_none_12c9086d6a5ba411\KBDFI1.DLL Handle ID: 0x14cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000438_31bf3856ad364e35_10.0.19041.1_none_a04d9fb90196ac99\KBDFO.DLL Handle ID: 0x14d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040c_31bf3856ad364e35_10.0.19041.1_none_b35f98caf5542263\KBDFR.DLL Handle ID: 0x14d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00120c00_31bf3856ad364e35_10.0.19041.1_none_cc5fa511027d6b88\KBDFTHRK.DLL Handle ID: 0x14d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00011809_31bf3856ad364e35_10.0.19041.1_none_43d6e083f3e302c3\KBDGAE.DLL Handle ID: 0x14dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000437_31bf3856ad364e35_10.0.19041.1_none_9fdc188b01dfa812\KBDGEO.DLL Handle ID: 0x14e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020437_31bf3856ad364e35_10.0.19041.1_none_e618a09ce701e284\kbdgeoer.dll Handle ID: 0x14e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030437_31bf3856ad364e35_10.0.19041.1_none_8936e4a5d992ffbd\kbdgeome.dll Handle ID: 0x14e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040437_31bf3856ad364e35_10.0.19041.1_none_2c5528aecc241cf6\kbdgeooa.dll Handle ID: 0x14ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00050408_31bf3856ad364e35_10.0.19041.1_none_cfe5383dbe6bf1d3\KBDGKL.DLL Handle ID: 0x14f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000474_31bf3856ad364e35_10.0.19041.1_none_9e8727e102bb0101\KBDGN.DLL Handle ID: 0x14f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010437_31bf3856ad364e35_10.0.19041.1_none_42fa5c93f470c54b\kbdgeoqw.dll Handle ID: 0x14f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000407_31bf3856ad364e35_10.0.19041.1_none_9fdc5ce301df5b2f\KBDGR.DLL Handle ID: 0x14fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010407_31bf3856ad364e35_10.0.19041.1_none_42faa0ebf4707868\KBDGR1.DLL Handle ID: 0x1500 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000c0c00_31bf3856ad364e35_10.0.19041.1_none_1bf845ff569cb4d2\KBDGTHC.DLL Handle ID: 0x1504 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000046f_31bf3856ad364e35_10.0.19041.1_none_b4b3a5a4f479c9be\KBDGRLND.DLL Handle ID: 0x7d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000468_31bf3856ad364e35_10.0.19041.1_none_a04d5b610196f97c\KBDHAU.DLL Handle ID: 0x7cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000475_31bf3856ad364e35_10.0.19041.1_none_9ef8af0f02720588\KBDHAW.DLL Handle ID: 0x7c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000408_31bf3856ad364e35_10.0.19041.1_none_a04de41101965fb6\KBDHE.DLL Handle ID: 0x87c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010408_31bf3856ad364e35_10.0.19041.1_none_436c2819f4277cef\KBDHE220.DLL Handle ID: 0x14c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020408_31bf3856ad364e35_10.0.19041.1_none_e68a6c22e6b89a28\KBDHE319.DLL Handle ID: 0x7d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040d_31bf3856ad364e35_10.0.19041.1_none_b3d11ff8f50b26ea\KBDHEB.DLL Handle ID: 0x7d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002040d_31bf3856ad364e35_10.0.19041.1_none_fa0da80ada2d615c\kbdhebl3.dll Handle ID: 0x7b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030408_31bf3856ad364e35_10.0.19041.1_none_89a8b02bd949b761\KBDHELA2.DLL Handle ID: 0x7dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040408_31bf3856ad364e35_10.0.19041.1_none_2cc6f434cbdad49a\KBDHELA3.DLL Handle ID: 0x1508 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\IPSECSVC.DLL Handle ID: 0x79c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00060408_31bf3856ad364e35_10.0.19041.1_none_73037c46b0fd0f0c\KBDHEPT.DLL Handle ID: 0x150c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001040e_31bf3856ad364e35_10.0.19041.1_none_5760eb2fe75348aa\KBDHU1.DLL Handle ID: 0x1514 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..oard-japanese_ibm02_31bf3856ad364e35_10.0.19041.1_none_086c45ad298279ba\kbdibm02.dll Handle ID: 0x1510 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000470_31bf3856ad364e35_10.0.19041.1_none_9cc10b2903deeee5\KBDIBO.DLL Handle ID: 0xbd4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040e_31bf3856ad364e35_10.0.19041.1_none_b442a726f4c22b71\KBDHU.DLL Handle ID: 0x1518 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040f_31bf3856ad364e35_10.0.19041.1_none_b4b42e54f4792ff8\KBDIC.DLL Handle ID: 0x151c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044d_31bf3856ad364e35_10.0.19041.1_none_b3d0c4d8f50b8d6e\KBDINASA.DLL Handle ID: 0x1520 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010445_31bf3856ad364e35_10.0.19041.1_none_4217376ff502d5de\KBDINBE1.DLL Handle ID: 0x780 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020445_31bf3856ad364e35_10.0.19041.1_none_e5357b78e793f317\KBDINBE2.DLL Handle ID: 0x1524 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000445_31bf3856ad364e35_10.0.19041.1_none_9ef8f3670271b8a5\KBDINBEN.DLL Handle ID: 0x152c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000439_31bf3856ad364e35_10.0.19041.1_none_a0bf26e7014db120\KBDINDEV.DLL Handle ID: 0x1530 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00004009_31bf3856ad364e35_10.0.19041.1_none_a0902a6701716ea5\KBDINEN.DLL Handle ID: 0x1534 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010439_31bf3856ad364e35_10.0.19041.1_none_43dd6aeff3dece59\KBDINHIN.DLL Handle ID: 0x1538 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044b_31bf3856ad364e35_10.0.19041.1_none_b2edb67cf59d8460\KBDINKAN.DLL Handle ID: 0x153c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000447_31bf3856ad364e35_10.0.19041.1_none_9fdc01c301dfc1b3\KBDINGUJ.DLL Handle ID: 0x1540 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044c_31bf3856ad364e35_10.0.19041.1_none_b35f3daaf55488e7\KBDINMAL.DLL Handle ID: 0x1544 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044e_31bf3856ad364e35_10.0.19041.1_none_b4424c06f4c291f5\KBDINMAR.DLL Handle ID: 0x1548 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000448_31bf3856ad364e35_10.0.19041.1_none_a04d88f10196c63a\KBDINORI.DLL Handle ID: 0x154c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000446_31bf3856ad364e35_10.0.19041.1_none_9f6a7a950228bd2c\KBDINPUN.DLL Handle ID: 0x8e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000449_31bf3856ad364e35_10.0.19041.1_none_a0bf101f014dcac1\KBDINTAM.DLL Handle ID: 0x8ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044a_31bf3856ad364e35_10.0.19041.1_none_b27c2f4ef5e67fd9\KBDINTEL.DLL Handle ID: 0x1528 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001045d_31bf3856ad364e35_10.0.19041.1_none_56eef219e79cc448\KBDINUK2.DLL Handle ID: 0x8e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00001809_31bf3856ad364e35_10.0.19041.1_none_a0b89c7b0151e58a\KBDIR.DLL Handle ID: 0x8e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000410_31bf3856ad364e35_10.0.19041.1_none_9cc193d903de551f\KBDIT.DLL Handle ID: 0x1554 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010410_31bf3856ad364e35_10.0.19041.1_none_3fdfd7e1f66f7258\KBDIT142.DLL Handle ID: 0x1558 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000085d_31bf3856ad364e35_10.0.19041.1_none_b3d4af38f5080c6b\KBDIULAT.DLL Handle ID: 0x155c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00110c00_31bf3856ad364e35_10.0.19041.1_none_294161080fec4e4f\KBDJAV.DLL Handle ID: 0x878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000043f_31bf3856ad364e35_10.0.19041.1_none_b4b3e9fcf4797cdb\KBDKAZ.DLL Handle ID: 0x1550 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000453_31bf3856ad364e35_10.0.19041.1_none_9e15ce430303c938\KBDKHMR.DLL Handle ID: 0x1560 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010453_31bf3856ad364e35_10.0.19041.1_none_4134124bf594e671\KBDKNI.DLL Handle ID: 0x874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-winpe_31bf3856ad364e35_10.0.19041.1_none_9bfa2f37b63d1ea6\IKEEXT.DLL Handle ID: 0x1564 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000492_31bf3856ad364e35_10.0.19041.1_none_9da3ebf5034d2b35\KBDKURD.DLL Handle ID: 0x1568 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000411_31bf3856ad364e35_10.0.19041.1_none_9d331b07039559a6\KBDJPN.DLL Handle ID: 0x870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000440_31bf3856ad364e35_10.0.19041.1_none_9cc14f8103dea202\KBDKYR.DLL Handle ID: 0x156c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000080a_31bf3856ad364e35_10.0.19041.1_none_b2808b96f5e27eb1\KBDLA.DLL Handle ID: 0x1570 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000412_31bf3856ad364e35_10.0.19041.1_none_9da4a235034c5e2d\KBDKOR.DLL Handle ID: 0x1574 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000454_31bf3856ad364e35_10.0.19041.1_none_9e87557102bacdbf\KBDLAO.DLL Handle ID: 0x86c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00070c00_31bf3856ad364e35_10.0.19041.1_none_12c49475a5abaf06\kbdlisub.dll Handle ID: 0x1578 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00080c00_31bf3856ad364e35_10.0.19041.1_none_b5e2d87e983ccc3f\kbdlisus.dll Handle ID: 0x157c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000427_31bf3856ad364e35_10.0.19041.1_none_9fdc2f5301df8e71\KBDLT.DLL Handle ID: 0x1584 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..panese_dec_lk411-aj_31bf3856ad364e35_10.0.19041.1_none_07b0f2db1add18c6\kbdlk41a.dll Handle ID: 0x868 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010427_31bf3856ad364e35_10.0.19041.1_none_42fa735bf470abaa\KBDLT1.DLL Handle ID: 0x1588 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020427_31bf3856ad364e35_10.0.19041.1_none_e618b764e701c8e3\KBDLT2.DLL Handle ID: 0x1580 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000426_31bf3856ad364e35_10.0.19041.1_none_9f6aa825022889ea\KBDLV.DLL Handle ID: 0x864 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010426_31bf3856ad364e35_10.0.19041.1_none_4288ec2df4b9a723\KBDLV1.DLL Handle ID: 0x158c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042f_31bf3856ad364e35_10.0.19041.1_none_b4b400c4f479633a\KBDMAC.DLL Handle ID: 0x1590 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020426_31bf3856ad364e35_10.0.19041.1_none_e5a73036e74ac45c\KBDLVST.DLL Handle ID: 0x1594 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001042f_31bf3856ad364e35_10.0.19041.1_none_57d244cde70a8073\KBDMACST.DLL Handle ID: 0x159c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000481_31bf3856ad364e35_10.0.19041.1_none_9d327b8f03960d0d\KBDMAORI.DLL Handle ID: 0x15a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000043a_31bf3856ad364e35_10.0.19041.1_none_b27c4616f5e66638\KBDMLT47.DLL Handle ID: 0x15a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001043a_31bf3856ad364e35_10.0.19041.1_none_559a8a1fe8778371\KBDMLT48.DLL Handle ID: 0x15a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000450_31bf3856ad364e35_10.0.19041.1_none_9cc138b903debba3\KBDMON.DLL Handle ID: 0x15ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000850_31bf3856ad364e35_10.0.19041.1_none_9cc539e103db20ff\KBDMONMO.DLL Handle ID: 0x15b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010850_31bf3856ad364e35_10.0.19041.1_none_3fe37de9f66c3e38\KBDMONST.DLL Handle ID: 0x15b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010c00_31bf3856ad364e35_10.0.19041.1_none_400efc3ff644ffb0\KBDMYAN.DLL Handle ID: 0x15b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000413_31bf3856ad364e35_10.0.19041.1_none_9e162963030362b4\KBDNE.DLL Handle ID: 0x15bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nese_nec98_usb_only_31bf3856ad364e35_10.0.19041.1_none_9132ab5759443e87\kbdnec.dll Handle ID: 0x15c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..-japanese_nec_win95_31bf3856ad364e35_10.0.19041.1_none_2e40a4b950cac90d\kbdnec95.dll Handle ID: 0x15c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000461_31bf3856ad364e35_10.0.19041.1_none_9d32a91f0395d9cb\KBDNEPR.DLL Handle ID: 0x15c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00090c00_31bf3856ad364e35_10.0.19041.1_none_59011c878acde978\kbdnko.dll Handle ID: 0x15cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ard-japanese_nec-at_31bf3856ad364e35_10.0.19041.1_none_fe6c4c99334ffebe\kbdnecat.dll Handle ID: 0x15d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..d-japanese_nec98-nt_31bf3856ad364e35_10.0.19041.1_none_f4128cf9684c5e2a\kbdnecnt.dll Handle ID: 0x15d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000414_31bf3856ad364e35_10.0.19041.1_none_9e87b09102ba673b\KBDNO.DLL Handle ID: 0x15d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000043b_31bf3856ad364e35_10.0.19041.1_none_b2edcd44f59d6abf\KBDNO1.DLL Handle ID: 0x15dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000046c_31bf3856ad364e35_10.0.19041.1_none_b35f101af554bc29\KBDNSO.DLL Handle ID: 0x15e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020c00_31bf3856ad364e35_10.0.19041.1_none_e32d4048e8d61ce9\KBDNTL.DLL Handle ID: 0x15e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_10.0.19041.1_none_de146f6286602c80\gpsvc.dll Handle ID: 0x15e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000d0c00_31bf3856ad364e35_10.0.19041.1_none_bf168a08492dd20b\KBDOLCH.DLL Handle ID: 0x15ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000f0c00_31bf3856ad364e35_10.0.19041.1_none_0553121a2e500c7d\KBDOLDIT.DLL Handle ID: 0x15f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040c00_31bf3856ad364e35_10.0.19041.1_none_2969c85acdf8575b\KBDOGHAM.DLL Handle ID: 0x15f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00150c00_31bf3856ad364e35_10.0.19041.1_none_b5ba712bda30c333\KBDOSA.DLL Handle ID: 0x15f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000e0c00_31bf3856ad364e35_10.0.19041.1_none_6234ce113bbeef44\KBDOSM.DLL Handle ID: 0x15fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000463_31bf3856ad364e35_10.0.19041.1_none_9e15b77b0303e2d9\KBDPASH.DLL Handle ID: 0x1600 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000a0c00_31bf3856ad364e35_10.0.19041.1_none_d5bbbded717a7a60\kbdphags.dll Handle ID: 0x1604 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010415_31bf3856ad364e35_10.0.19041.1_none_42177bc7f50288fb\KBDPL.DLL Handle ID: 0x1608 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000415_31bf3856ad364e35_10.0.19041.1_none_9ef937bf02716bc2\KBDPL1.DLL Handle ID: 0x160c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000816_31bf3856ad364e35_10.0.19041.1_none_9f6ec0150224d5a5\KBDPO.DLL Handle ID: 0x1610 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000418_31bf3856ad364e35_10.0.19041.1_none_a04dcd4901967957\KBDRO.DLL Handle ID: 0x1614 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020418_31bf3856ad364e35_10.0.19041.1_none_e68a555ae6b8b3c9\KBDROPR.DLL Handle ID: 0x1618 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000419_31bf3856ad364e35_10.0.19041.1_none_a0bf5477014d7dde\KBDRU.DLL Handle ID: 0x161c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010418_31bf3856ad364e35_10.0.19041.1_none_436c1151f4279690\KBDROST.DLL Handle ID: 0x1620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010419_31bf3856ad364e35_10.0.19041.1_none_43dd987ff3de9b17\KBDRU1.DLL Handle ID: 0x900 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdsf_31bf3856ad364e35_10.0.19041.1_none_344caa53b418a930\KBDSF.DLL Handle ID: 0x914 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020419_31bf3856ad364e35_10.0.19041.1_none_e6fbdc88e66fb850\KBDRUM.DLL Handle ID: 0x8f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000807_31bf3856ad364e35_10.0.19041.1_none_9fe05e0b01dbc08b\KBDSG.DLL Handle ID: 0x7c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041b_31bf3856ad364e35_10.0.19041.1_none_b2edfad4f59d377d\KBDSL.DLL Handle ID: 0x910 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001041b_31bf3856ad364e35_10.0.19041.1_none_560c3edde82e54b6\KBDSL1.DLL Handle ID: 0x904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002083b_31bf3856ad364e35_10.0.19041.1_none_f92e567edabc0a8d\KBDSMSFI.DLL Handle ID: 0x908 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000045b_31bf3856ad364e35_10.0.19041.1_none_b2ed9fb4f59d9e01\KBDSN1.DLL Handle ID: 0xa8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001043b_31bf3856ad364e35_10.0.19041.1_none_560c114de82e87f8\KBDSMSNO.DLL Handle ID: 0x85c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00100c00_31bf3856ad364e35_10.0.19041.1_none_86231cff1d5b3116\KBDSORA.DLL Handle ID: 0x860 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001042e_31bf3856ad364e35_10.0.19041.1_none_5760bd9fe7537bec\KBDSOREX.DLL Handle ID: 0x1598 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002042e_31bf3856ad364e35_10.0.19041.1_none_fa7f01a8d9e49925\KBDSORS1.DLL Handle ID: 0x90c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042e_31bf3856ad364e35_10.0.19041.1_none_b4427996f4c25eb3\KBDSORST.DLL Handle ID: 0xbe0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040a_31bf3856ad364e35_10.0.19041.1_none_b27c8a6ef5e61955\KBDSP.DLL Handle ID: 0xbdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041d_31bf3856ad364e35_10.0.19041.1_none_b3d10930f50b408b\KBDSW.DLL Handle ID: 0xbd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001045b_31bf3856ad364e35_10.0.19041.1_none_560be3bde82ebb3a\KBDSW09.DLL Handle ID: 0xbe4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000045a_31bf3856ad364e35_10.0.19041.1_none_b27c1886f5e6997a\KBDSYR1.DLL Handle ID: 0x8f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001045a_31bf3856ad364e35_10.0.19041.1_none_559a5c8fe877b6b3\KBDSYR2.DLL Handle ID: 0x8f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030c00_31bf3856ad364e35_10.0.19041.1_none_864b8451db673a22\KBDTAILE.DLL Handle ID: 0xbe8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000428_31bf3856ad364e35_10.0.19041.1_none_a04db681019692f8\KBDTAJIK.DLL Handle ID: 0x1624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020449_31bf3856ad364e35_10.0.19041.1_none_e6fb9830e6700533\KBDTAM99.DLL Handle ID: 0x162c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000444_31bf3856ad364e35_10.0.19041.1_none_9e876c3902bab41e\KBDTAT.DLL Handle ID: 0x1630 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041e_31bf3856ad364e35_10.0.19041.1_none_b442905ef4c24512\KBDTH0.DLL Handle ID: 0x1634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001041e_31bf3856ad364e35_10.0.19041.1_none_5760d467e753624b\KBDTH1.DLL Handle ID: 0x1638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002041e_31bf3856ad364e35_10.0.19041.1_none_fa7f1870d9e47f84\KBDTH2.DLL Handle ID: 0x163c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0003041e_31bf3856ad364e35_10.0.19041.1_none_9d9d5c79cc759cbd\KBDTH3.DLL Handle ID: 0xbec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000105f_31bf3856ad364e35_10.0.19041.1_none_b4a4eb58f48566b2\KBDTIFI.DLL Handle ID: 0x1628 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001105f_31bf3856ad364e35_10.0.19041.1_none_57c32f61e71683eb\KBDTIFI2.DLL Handle ID: 0xbf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000451_31bf3856ad364e35_10.0.19041.1_none_9d32bfe70395c02a\KBDTIPRC.DLL Handle ID: 0x1640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010451_31bf3856ad364e35_10.0.19041.1_none_405103eff626dd63\KBDTIPRD.DLL Handle ID: 0xbf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010444_31bf3856ad364e35_10.0.19041.1_none_41a5b041f54bd157\KBDTT102.DLL Handle ID: 0x1644 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001041f_31bf3856ad364e35_10.0.19041.1_none_57d25b95e70a66d2\KBDTUF.DLL Handle ID: 0x164c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041f_31bf3856ad364e35_10.0.19041.1_none_b4b4178cf4794999\KBDTUQ.DLL Handle ID: 0x1650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000442_31bf3856ad364e35_10.0.19041.1_none_9da45ddd034cab10\KBDTURME.DLL Handle ID: 0x1654 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000085f_31bf3856ad364e35_10.0.19041.1_none_b4b7bd94f4761579\KBDTZM.DLL Handle ID: 0x1658 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000480_31bf3856ad364e35_10.0.19041.1_none_9cc0f46103df0886\KBDUGHR.DLL Handle ID: 0x165c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010480_31bf3856ad364e35_10.0.19041.1_none_3fdf3869f67025bf\KBDUGHR1.DLL Handle ID: 0x1660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000809_31bf3856ad364e35_10.0.19041.1_none_a0c36c670149c999\KBDUK.DLL Handle ID: 0x1664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000422_31bf3856ad364e35_10.0.19041.1_none_9da48b6d034c77ce\KBDUR.DLL Handle ID: 0x1668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000452_31bf3856ad364e35_10.0.19041.1_none_9da44715034cc4b1\KBDUKX.DLL Handle ID: 0x166c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020422_31bf3856ad364e35_10.0.19041.1_none_e3e1137ee86eb240\KBDUR1.DLL Handle ID: 0x1670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000420_31bf3856ad364e35_10.0.19041.1_none_9cc17d1103de6ec0\KBDURDU.DLL Handle ID: 0x1674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdus_31bf3856ad364e35_10.0.19041.1_none_34a329b3b3f01d7b\KBDUS.DLL Handle ID: 0x1678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00050409_31bf3856ad364e35_10.0.19041.1_none_d056bf6bbe22f65a\KBDUSA.DLL Handle ID: 0x167c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030409_31bf3856ad364e35_10.0.19041.1_none_8a1a3759d900bbe8\KBDUSL.DLL Handle ID: 0x1680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040409_31bf3856ad364e35_10.0.19041.1_none_2d387b62cb91d921\KBDUSR.DLL Handle ID: 0x1684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020409_31bf3856ad364e35_10.0.19041.1_none_e6fbf350e66f9eaf\KBDUSX.DLL Handle ID: 0x168c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000843_31bf3856ad364e35_10.0.19041.1_none_9e19e633030014f3\KBDUZB.DLL Handle ID: 0x1690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042a_31bf3856ad364e35_10.0.19041.1_none_b27c5cdef5e64c97\KBDVNTC.DLL Handle ID: 0x1694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000488_31bf3856ad364e35_10.0.19041.1_none_a04d2dd101972cbe\KBDWOL.DLL Handle ID: 0x1698 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000485_31bf3856ad364e35_10.0.19041.1_none_9ef8984702721f29\KBDYAK.DLL Handle ID: 0x169c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000046a_31bf3856ad364e35_10.0.19041.1_none_b27c01bef5e6b31b\KBDYBA.DLL Handle ID: 0x16a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000c1a_31bf3856ad364e35_10.0.19041.1_none_b2ab813cf5bbd9ef\KBDYCC.DLL Handle ID: 0x16a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000081a_31bf3856ad364e35_10.0.19041.1_none_b28074cef5e29852\KBDYCL.DLL Handle ID: 0x16a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ggertransport-local_31bf3856ad364e35_10.0.19041.1_none_8f235c7e147ee665\kd.dll Handle ID: 0x16ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.gdiplus.systemcopy_31bf3856ad364e35_10.0.19041.1_none_9ccba408956b0a79\GdiPlus.dll Handle ID: 0x16b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_10.0.19041.1_none_c7a69aa24c087590\kdcom.dll Handle ID: 0x16bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_10.0.19041.1_none_536eb71ea9e4ee4e\kdusb.dll Handle ID: 0x16c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..2-filesystemsupport_31bf3856ad364e35_10.0.19041.1_none_37aa805b045f83ee\imapi2fs.dll Handle ID: 0x16c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:43 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kdscli-dll_31bf3856ad364e35_10.0.19041.1_none_f4cb1971d081d8b0\KdsCli.dll Handle ID: 0x16c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ggertransport-kdnet_31bf3856ad364e35_10.0.19041.1_none_9358d67af855fc5a\kdnet.dll Handle ID: 0x16cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernel-appcore_31bf3856ad364e35_10.0.19041.1_none_8166005f4d2d63db\kernel.appcore.dll Handle ID: 0x16d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-transactionmanagerapi_31bf3856ad364e35_10.0.19041.1_none_0cc85d8f7355a218\ktmw32.dll Handle ID: 0x16d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lmhsvc_31bf3856ad364e35_10.0.19041.1_none_08b1f5ea8fb3c15e\lmhsvc.dll Handle ID: 0x16dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\kmddsp.tsp Handle ID: 0x16e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-credential-manager_31bf3856ad364e35_10.0.19041.1_none_0787d10826b57780\KeyCredMgr.dll Handle ID: 0x16e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_10.0.19041.1_none_ee563fa044b1982d\linkinfo.dll Handle ID: 0x16e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\lpk.dll Handle ID: 0x16ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\diagtrack.dll Handle ID: 0x16f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\KerbClientShared.dll Handle ID: 0x16f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ty-cng-keyisolation_31bf3856ad364e35_10.0.19041.1_none_7a2da9ef95775e3e\keyiso.dll Handle ID: 0x16f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.19041.1_none_adf98e02f565c8fe\lodctr.exe Handle ID: 0x16fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lz32_31bf3856ad364e35_10.0.19041.1_none_48808abec8c68810\lz32.dll Handle ID: 0x1700 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.19041.1_none_adf98e02f565c8fe\loadperf.dll Handle ID: 0x1704 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..e-defaultcasingfile_31bf3856ad364e35_10.0.19041.1_none_2a00643c2ee8c04e\l_intl.nls Handle ID: 0x1708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-luainstaller_31bf3856ad364e35_10.0.19041.1_none_cea77efa07a8d777\luainstall.dll Handle ID: 0x1710 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1_none_f35caf2131abed9a\lsass.exe Handle ID: 0x1714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..update-authenticamd_31bf3856ad364e35_10.0.19041.1_none_b394a541f0f74e29\mcupdate_AuthenticAMD.dll Handle ID: 0x1718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.19041.1_none_cffda9bf5435db63\mcbuilder.exe Handle ID: 0x171c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ity-netlogon-netapi_31bf3856ad364e35_10.0.19041.1_none_8926f863f55772dc\logoncli.dll Handle ID: 0x1720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.1_none_613e4ed2b91d35a0\mapistub.dll Handle ID: 0x93c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.1_none_613e4ed2b91d35a0\mapi32.dll Handle ID: 0x920 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_10.0.19041.1_none_2d5ce59ebb69983c\mf3216.dll Handle ID: 0x938 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ry-events-container_31bf3856ad364e35_10.0.19041.1_none_22ebbcab228602a4\microsoft-windows-battery-events.dll Handle ID: 0x924 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hal-events-container_31bf3856ad364e35_10.0.19041.1_none_dc3655c7fbc74cb6\microsoft-windows-hal-events.dll Handle ID: 0x940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..np-events-container_31bf3856ad364e35_10.0.19041.1_none_9bb23eb22636b86f\microsoft-windows-kernel-pnp-events.dll Handle ID: 0x1728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_10.0.19041.1_none_a7d55464cb694584\esent.dll Handle ID: 0x172c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernel32_31bf3856ad364e35_10.0.19041.1_none_49aef2c4f5a90f29\kernel32.dll Handle ID: 0x1730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-pdc-events-container_31bf3856ad364e35_10.0.19041.1_none_7eaa31884cc78e84\microsoft-windows-pdc.dll Handle ID: 0x944 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..dy-events-container_31bf3856ad364e35_10.0.19041.1_none_631eb8f0ee70e58f\microsoft-windows-sleepstudy-events.dll Handle ID: 0x6bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ng-events-container_31bf3856ad364e35_10.0.19041.1_none_f76b1f55769df05d\microsoft-windows-storage-tiering-events.dll Handle ID: 0x934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..er-events-container_31bf3856ad364e35_10.0.19041.1_none_873aec9d858835ad\microsoft-windows-kernel-processor-power-events.dll Handle ID: 0x16d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l..ncontroller-library_31bf3856ad364e35_10.0.19041.1_none_68c9f3cc78492112\LogonController.dll Handle ID: 0x928 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..er-events-container_31bf3856ad364e35_10.0.19041.1_none_81f50f6430eb73f8\microsoft-windows-kernel-power-events.dll Handle ID: 0x930 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_10.0.19041.1_none_9cc7eaaf502b1673\kerberos.dll Handle ID: 0x7e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..update-genuineintel_31bf3856ad364e35_10.0.19041.1_none_72b119e551aad4bf\mcupdate_GenuineIntel.dll Handle ID: 0x92c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\mode.com Handle ID: 0x798 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.19041.1_none_684a86f0f0d0d27d\mountvol.exe Handle ID: 0x1688 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-more_31bf3856ad364e35_10.0.19041.1_none_624b5deeb86c35b8\more.com Handle ID: 0x778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_10.0.19041.1_none_20a93e5d48a3484c\locale.nls Handle ID: 0x634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_10.0.19041.1_none_5b35da44a9e83608\lsm.dll Handle ID: 0x8a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mpr-extension_31bf3856ad364e35_10.0.19041.1_none_52b80f2a944ed98e\mprext.dll Handle ID: 0x76c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-legacy-afd_31bf3856ad364e35_10.0.19041.1_none_a17800e0534fdefb\msafd.dll Handle ID: 0xbfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\MRINFO.EXE Handle ID: 0xbf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msasn1_31bf3856ad364e35_10.0.19041.1_none_7d4b234e44bee9a6\msasn1.dll Handle ID: 0x1648 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mpr_31bf3856ad364e35_10.0.19041.1_none_63c6d6f5f74ed81c\mpr.dll Handle ID: 0x1724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mscat32-dll_31bf3856ad364e35_10.0.19041.1_none_36d5217abee2f5a1\mscat32.dll Handle ID: 0x954 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mprmsg_31bf3856ad364e35_10.0.19041.1_none_c97f01cdf2c089c3\mprmsg.dll Handle ID: 0x918 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_10.0.19041.1_none_7d3387d217cafb37\msaudite.dll Handle ID: 0x950 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-installer-liteconfig_31bf3856ad364e35_10.0.19041.1_none_397b5d762ff64ec6\msiltcfg.dll Handle ID: 0xc04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_10.0.19041.1_none_2d5ce59ebb69983c\msimg32.dll Handle ID: 0x94c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setup-mbr2gpt_31bf3856ad364e35_10.0.19041.1_none_aca2fbdd5d4a9b4b\MBR2GPT.EXE Handle ID: 0x91c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mskeyprotect-dll_31bf3856ad364e35_10.0.19041.1_none_884589516eda6fc2\mskeyprotect.dll Handle ID: 0x6b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..em-events-container_31bf3856ad364e35_10.0.19041.1_none_5e488bfdad33bddc\microsoft-windows-system-events.dll Handle ID: 0xc08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mprapi_31bf3856ad364e35_10.0.19041.1_none_c9fd926ff26221b4\mprapi.dll Handle ID: 0x1734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_10.0.19041.1_none_7d3387d217cafb37\msobjs.dll Handle ID: 0x948 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_10.0.19041.1_none_f61d759c251ca03d\mspatcha.dll Handle ID: 0x1738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msls31_31bf3856ad364e35_11.0.19041.1_none_b5e25c12acab223d\msls31.dll Handle ID: 0x173c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs_31bf3856ad364e35_10.0.19041.1_none_c209fe961ac36102\msprivs.dll Handle ID: 0xc10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_10.0.19041.1_none_f61d759c251ca03d\msdelta.dll Handle ID: 0x1740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.0.19041.1_none_318632b596bb9495\msIso.dll Handle ID: 0x1744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msports_31bf3856ad364e35_10.0.19041.1_none_430e27fc8ea24011\msports.dll Handle ID: 0x650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mssip32-dll_31bf3856ad364e35_10.0.19041.1_none_2c52442438dc16e5\mssip32.dll Handle ID: 0x1748 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_10.0.19041.1_none_f61d759c251ca03d\mspatchc.dll Handle ID: 0x174c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_10.0.19041.1_none_5c3b9845fc28beb1\lsasrv.dll Handle ID: 0x1750 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mssign32-dll_31bf3856ad364e35_10.0.19041.1_none_8024db0279cb1a30\mssign32.dll Handle ID: 0x638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.0.19041.1_none_318632b596bb9495\iertutil.dll Handle ID: 0x1754 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msvcirt_31bf3856ad364e35_10.0.19041.1_none_16ae31663d668d51\msvcirt.dll Handle ID: 0x1758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mfc42x_31bf3856ad364e35_10.0.19041.1_none_a905dbc4f4ec3f95\mfc42.dll Handle ID: 0x175c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml30_31bf3856ad364e35_10.0.19041.1_none_3e5f4e1e3633a8b7\msxml3r.dll Handle ID: 0x708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\MPSSVC.dll Handle ID: 0x1760 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.1_none_3e5f09c63633f59a\msxml6r.dll Handle ID: 0x1768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..mplus-runtime-mtxdm_31bf3856ad364e35_10.0.19041.1_none_cde1256472ca12a8\mtxdm.dll Handle ID: 0x176c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_10.0.19041.1_none_32a3fa5701e84993\msv1_0.dll Handle ID: 0x1770 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mfc42x_31bf3856ad364e35_10.0.19041.1_none_a905dbc4f4ec3f95\mfc42u.dll Handle ID: 0x1774 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-registrysettings_31bf3856ad364e35_10.0.19041.1_none_4ba260bf507a307f\muifontsetup.dll Handle ID: 0x1778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msvcp110_31bf3856ad364e35_10.0.19041.1_none_a3a75889107393de\msvcp110_win.dll Handle ID: 0x177c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.19041.1_none_540191f5bdbc78d5\nbtstat.exe Handle ID: 0x6a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_10.0.19041.1_none_6e446489cca94509\mswsock.dll Handle ID: 0x8fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_10.0.19041.1_none_2bb4bd9d8e22a014\msctf.dll Handle ID: 0x1764 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\ncpa.cpl Handle ID: 0x640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netcoinstaller_31bf3856ad364e35_10.0.19041.1_none_ad135b999c9056d4\nci.dll Handle ID: 0x1780 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msvcp60_31bf3856ad364e35_10.0.19041.1_none_f892a21450bd091a\msvcp60.dll Handle ID: 0x1784 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.19041.1_none_874643a43e43a428\msvcrt.dll Handle ID: 0x6a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.19041.1_none_760acfd88cf7390d\MuiUnattend.exe Handle ID: 0x1788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\ndadmin.exe Handle ID: 0x178c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ucrt_31bf3856ad364e35_10.0.19041.1_none_61b242cab8dd7003\msvcp_win.dll Handle ID: 0x1794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbios-netapi_31bf3856ad364e35_10.0.19041.1_none_8e501828f05c3499\netbios.dll Handle ID: 0x1798 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ncryptsslp-dll_31bf3856ad364e35_10.0.19041.1_none_7262ec3c43ce9980\ncryptsslp.dll Handle ID: 0x179c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netapi32_31bf3856ad364e35_10.0.19041.1_none_43252896a0ed64ad\netapi32.dll Handle ID: 0x17a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_10.0.19041.1_none_13cf631590f9951e\ncrypt.dll Handle ID: 0x17a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.19041.1_none_1655d5e596a1ade0\netbtugc.exe Handle ID: 0x17a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.19041.1_none_08235f0411d49656\neth.dll Handle ID: 0x17ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.19041.1_none_08235f0411d49656\net.exe Handle ID: 0x17b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.19041.1_none_c61fe93bf0d70d90\netcfg.exe Handle ID: 0x17b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.19041.1_none_1776a3602eb73133\netiougc.exe Handle ID: 0x17b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.19041.1_none_261347e51dc74dc1\NetCfgNotifyObjectHost.exe Handle ID: 0x17bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-basic-misc-tools_31bf3856ad364e35_10.0.19041.1_none_cd4dc4f45ec915f2\netmsg.dll Handle ID: 0x17c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.19041.1_none_3ccd00f4f3f0b0c9\net1.exe Handle ID: 0x17c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_3c399a5aad834072\NetDriverInstall.dll Handle ID: 0x17c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_10.0.19041.1_none_f405f4e7c4e54d09\netcfgx.dll Handle ID: 0x17cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..provision-framework_31bf3856ad364e35_10.0.19041.1_none_10c3a4066f0f6d99\netprovfw.dll Handle ID: 0x17d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netjoin_31bf3856ad364e35_10.0.19041.1_none_0d4b2cd40c249c64\netjoin.dll Handle ID: 0x17d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ncryptprov-dll_31bf3856ad364e35_10.0.19041.1_none_d466de7d3371ee7b\ncryptprov.dll Handle ID: 0x17d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\netiohlp.dll Handle ID: 0x17dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_3c399a5aad834072\NetSetupApi.dll Handle ID: 0xc20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\NETSTAT.EXE Handle ID: 0x7ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netutils_31bf3856ad364e35_10.0.19041.1_none_e60a1b22e9766a75\netutils.dll Handle ID: 0x6c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.19041.1_none_159203c1973658cd\netsh.exe Handle ID: 0xc1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\newdev.exe Handle ID: 0x6b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ngc-local_31bf3856ad364e35_10.0.19041.1_none_bf0751ae6aaa2db0\ngclocal.dll Handle ID: 0xc18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_10.0.19041.1_none_1d77034aaa47cbe0\nlaapi.dll Handle ID: 0x6ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-setup_31bf3856ad364e35_10.0.19041.1_none_5dd26c4f87bf6b87\NetSetupSvc.dll Handle ID: 0x1790 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-nlsdownleveldll_31bf3856ad364e35_10.0.19041.1_none_be9a10dff760abf5\Nlsdl.dll Handle ID: 0x6c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normaliz.dll Handle ID: 0xc24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\newdev.dll Handle ID: 0x17e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_10.0.19041.1_none_1d77034aaa47cbe0\ncsi.dll Handle ID: 0x6c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normnfc.nls Handle ID: 0x17e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normidna.nls Handle ID: 0x17ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normnfd.nls Handle ID: 0xc28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1_none_dcf385d753f19715\KernelBase.dll Handle ID: 0x17f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lmhsvc_31bf3856ad364e35_10.0.19041.1_none_08b1f5ea8fb3c15e\nrpsrv.dll Handle ID: 0x17f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normnfkd.nls Handle ID: 0x17f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normnfkc.nls Handle ID: 0x6cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.19041.1_none_261347e51dc74dc1\NetSetupShim.dll Handle ID: 0x17fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1_none_f61301ca804606c1\dbgeng.dll Handle ID: 0x1804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_2853306366d1671d\nsisvc.dll Handle ID: 0x180c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_2853306366d1671d\nsi.dll Handle ID: 0x1810 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\netshell.dll Handle ID: 0x1814 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..atform-input-ninput_31bf3856ad364e35_10.0.19041.1_none_74ab4b3f5126f808\ninput.dll Handle ID: 0x1818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\NtlmShared.dll Handle ID: 0x181c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntlanman_31bf3856ad364e35_10.0.19041.1_none_e602234881fda6ca\ntlanman.dll Handle ID: 0x1820 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_10.0.19041.1_none_1d77034aaa47cbe0\nlasvc.dll Handle ID: 0x1824 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_10.0.19041.1_none_b3a8c4c6d7576ed2\netlogon.dll Handle ID: 0x1828 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_10.0.19041.1_none_84ce53e99093d752\ntdsapi.dll Handle ID: 0x182c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_3c399a5aad834072\NetSetupEngine.dll Handle ID: 0x1834 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntasn1-dll_31bf3856ad364e35_10.0.19041.1_none_7024fd8a6432413d\ntasn1.dll Handle ID: 0x1838 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ntmarta_31bf3856ad364e35_10.0.19041.1_none_31778f2b2eff24cd\ntmarta.dll Handle ID: 0x183c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1_none_a5f487c01cc9bd1f\ntprint.exe Handle ID: 0x1840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml30_31bf3856ad364e35_10.0.19041.1_none_3e5f4e1e3633a8b7\msxml3.dll Handle ID: 0x1844 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-installer-dll_31bf3856ad364e35_10.0.19041.1_none_431c11f7f4924730\odbccp32.dll Handle ID: 0x1848 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_10.0.19041.1_none_5c3b9845fc28beb1\offlinelsa.dll Handle ID: 0x1850 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-oleacc_31bf3856ad364e35_10.0.19041.1_none_2075cb51c1c141fe\oleacchooks.dll Handle ID: 0x1854 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-oleaccrc_31bf3856ad364e35_10.0.19041.1_none_2f1afcd226c0a441\oleaccrc.dll Handle ID: 0x1858 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..drivermanager-trace_31bf3856ad364e35_10.0.19041.1_none_356499fce0d78c44\odbctrac.dll Handle ID: 0x185c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..c-drivermanager-rll_31bf3856ad364e35_10.0.19041.1_none_c58c60d589c83177\odbcint.dll Handle ID: 0x1860 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_10.0.19041.1_none_67df66e1405214df\offlinesam.dll Handle ID: 0x1868 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-core_tools_31bf3856ad364e35_10.0.19041.1_none_c1fb2da756eec2d8\osuninst.dll Handle ID: 0x186c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1_none_a5f487c01cc9bd1f\ntprint.dll Handle ID: 0x1870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.19041.1_none_745ae7f5de0c5438\pacjsworker.exe Handle ID: 0x1874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.19041.1_none_5f22b28b2f384ed0\PATHPING.EXE Handle ID: 0x1878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.19041.1_none_2311dc3012116c15\OpenWith.exe Handle ID: 0x187c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pcw-minwin_31bf3856ad364e35_10.0.19041.1_none_44cf9efdc8d655cc\pcwum.dll Handle ID: 0x1880 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntshrui_31bf3856ad364e35_10.0.19041.1_none_1200bbf49bbc4b88\ntshrui.dll Handle ID: 0x1888 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfctrs.dll Handle ID: 0x188c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfdisk.dll Handle ID: 0x1890 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfnet.dll Handle ID: 0x1894 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfos.dll Handle ID: 0x1898 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-oleacc_31bf3856ad364e35_10.0.19041.1_none_2075cb51c1c141fe\oleacc.dll Handle ID: 0x189c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.19041.1_none_5f22b28b2f384ed0\PING.EXE Handle ID: 0x18a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfproc.dll Handle ID: 0x18a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..allationgrouppolicy_31bf3856ad364e35_10.0.19041.1_none_2d90812cae0d32b2\pnppolicy.dll Handle ID: 0xc7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..c-drivermanager-dll_31bf3856ad364e35_10.0.19041.1_none_c623bfbd8956aa49\odbc32.dll Handle ID: 0xc78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpui_31bf3856ad364e35_10.0.19041.1_none_14c89eddcaa6f765\pnpui.dll Handle ID: 0xc74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpclean_31bf3856ad364e35_10.0.19041.1_none_57335aba20737dae\pnpclean.dll Handle ID: 0xc70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-winpe_31bf3856ad364e35_10.0.19041.1_none_9bfa2f37b63d1ea6\nshwfp.dll Handle ID: 0xc6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.19041.1_none_5c82be53abe61670\PnPUnattend.exe Handle ID: 0xc68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_a2c8d19f92a1cc22\PkgMgr.exe Handle ID: 0xc64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.19041.1_none_8ee60f0d56272cb2\prflbmsg.dll Handle ID: 0xc5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\print.exe Handle ID: 0xc58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.19041.1_none_bf4cc5bb201caae3\powercfg.exe Handle ID: 0xca0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecorecommonproxystub_31bf3856ad364e35_10.0.19041.1_none_ec940f9ab15de0f1\OneCoreCommonProxyStub.dll Handle ID: 0xc54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msftedit_31bf3856ad364e35_10.0.19041.1_none_8bc20689d68f136f\msftedit.dll Handle ID: 0xc50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-profapi-onecore_31bf3856ad364e35_10.0.19041.1_none_bc0d9057164c1e84\profapi.dll Handle ID: 0xc4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces_31bf3856ad364e35_10.0.19041.1_none_1c2a0fb54ce86e17\mispace.dll Handle ID: 0xc44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_10.0.19041.1_none_590aabe49c35e5ec\powrprof.dll Handle ID: 0x754 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-basedependencies_31bf3856ad364e35_10.0.19041.1_none_b892ff47c82ceebb\psapi.dll Handle ID: 0x758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.1_none_c5cb0c3a04b0a5de\rasadhlp.dll Handle ID: 0xcbc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.19041.1_none_b354d0155be50ce9\pnputil.exe Handle ID: 0xcb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\polstore.dll Handle ID: 0xcb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_10.0.19041.1_none_72f138119ad7b9a3\oleaut32.dll Handle ID: 0xcb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenvext_31bf3856ad364e35_10.0.19041.1_none_1f2f309a83ac8d50\profext.dll Handle ID: 0xcac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pshed_31bf3856ad364e35_10.0.19041.1_none_11e3f0d3cc72158f\PSHED.DLL Handle ID: 0xca8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.1_none_3e5f09c63633f59a\msxml6.dll Handle ID: 0xca4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.1_none_c5cb0c3a04b0a5de\rasautou.exe Handle ID: 0xc9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs_31bf3856ad364e35_10.0.19041.1_none_ca0f264315c5eebb\rasctrs.dll Handle ID: 0xc98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-raschap_31bf3856ad364e35_10.0.19041.1_none_c8b0108916a9fd61\raschapext.dll Handle ID: 0xce0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\rasdiag.dll Handle ID: 0xcdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.1_none_c5cb0c3a04b0a5de\rasauto.dll Handle ID: 0xcd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-raschap_31bf3856ad364e35_10.0.19041.1_none_70e1de7eb854e747\raschap.dll Handle ID: 0xcd4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1_none_bf506ecc66a800df\poqexec.exe Handle ID: 0xcd0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..-rasmobilitymanager_31bf3856ad364e35_10.0.19041.1_none_e215bd1181370d15\rasmbmgr.dll Handle ID: 0xccc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasman_31bf3856ad364e35_10.0.19041.1_none_2297579fef520c4f\rasman.dll Handle ID: 0xcc8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_10.0.19041.1_none_620eb4df91aee6ff\ole32.dll Handle ID: 0xcc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.19041.1_none_1102b0871cbfcf0b\rdrleakdiag.exe Handle ID: 0xc38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.19041.1_none_3c045b5253f885ed\recover.exe Handle ID: 0xd00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-profsvc_31bf3856ad364e35_10.0.19041.1_none_b1a264f0d20a9224\profsvc.dll Handle ID: 0xcfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.19041.1_none_e7854180ca0cff60\reg.exe Handle ID: 0xcf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rastapi_31bf3856ad364e35_10.0.19041.1_none_c4d537dd193a87bf\rastapi.dll Handle ID: 0xcf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.1_none_aa1fc2e87b362d12\regedt32.exe Handle ID: 0xcf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasmontr_31bf3856ad364e35_10.0.19041.1_none_38817b2f02f70ba5\rasmontr.dll Handle ID: 0xcec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasppp-noneap_31bf3856ad364e35_10.0.19041.1_none_3417c64be08d70ab\rasppp.dll Handle ID: 0x958 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rastls_31bf3856ad364e35_10.0.19041.1_none_22563971ef8166c8\rastlsext.dll Handle ID: 0xce4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.19041.1_none_2e482ad4cee11ead\regsvr32.exe Handle ID: 0x710 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\replace.exe Handle ID: 0x960 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-riched32_31bf3856ad364e35_10.0.19041.1_none_52f1c15a21f92b4b\riched32.dll Handle ID: 0x734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\ROUTE.EXE Handle ID: 0x964 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_10.0.19041.1_none_92265dee13580837\printui.dll Handle ID: 0x6fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..rvices-registryapis_31bf3856ad364e35_10.0.19041.1_none_5a433555c15933ce\regapi.dll Handle ID: 0xd10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-rastls_31bf3856ad364e35_10.0.19041.1_none_e42068617a44f942\rastls.dll Handle ID: 0xd0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-remote-extension_31bf3856ad364e35_10.0.19041.1_none_7f3bbe9e11693717\RpcRtRemote.dll Handle ID: 0xd08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-endpointmapper_31bf3856ad364e35_10.0.19041.1_none_00838c0981f40351\RpcEpMap.dll Handle ID: 0xd04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasdlg_31bf3856ad364e35_10.0.19041.1_none_23044991eefe742c\rasdlg.dll Handle ID: 0x760 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.19041.1_none_7cf83d048bc1c334\Robocopy.exe Handle ID: 0xc40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasrtutils_31bf3856ad364e35_10.0.19041.1_none_c306a19489d81618\rtutils.dll Handle ID: 0x764 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ymanagementservices_31bf3856ad364e35_10.0.19041.1_none_a965d346967271f3\sacsess.exe Handle ID: 0xc3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.19041.1_none_8df65f134a48195f\rundll32.exe Handle ID: 0x6e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ymanagementservices_31bf3856ad364e35_10.0.19041.1_none_a965d346967271f3\sacsvr.dll Handle ID: 0x6d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\runexehelper.exe Handle ID: 0x6dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntdll_31bf3856ad364e35_10.0.19041.1_none_0ec7ebc59b8b3291\ntdll.dll Handle ID: 0xc34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_10.0.19041.1_none_3cb34e0d65889b5d\samcli.dll Handle ID: 0x6d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rsaenh-dll_31bf3856ad364e35_10.0.19041.1_none_15b81d4b50a1ff4f\rsaenh.dll Handle ID: 0xc30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-taskscheduler-netapi_31bf3856ad364e35_10.0.19041.1_none_bfb1cb1bd7650d41\schedcli.dll Handle ID: 0x6d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_10.0.19041.1_none_67df66e1405214df\samlib.dll Handle ID: 0xc2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecore-ras-base-vpn_31bf3856ad364e35_10.0.19041.1_none_d24e62087d8454d4\rasapi32.dll Handle ID: 0x1808 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-propsys_31bf3856ad364e35_7.0.19041.1_none_64de91323c1f66b7\propsys.dll Handle ID: 0x704 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.h...sdhost-driverclass_31bf3856ad364e35_10.0.19041.1_none_78e285fc678d0c6a\sdhcinst.dll Handle ID: 0xc48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ider-interface-stub_31bf3856ad364e35_10.0.19041.1_none_521d1ee0ee1119c0\security.dll Handle ID: 0x808 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sens-client_31bf3856ad364e35_10.0.19041.1_none_b733bc4a5c7ec2a0\SensApi.dll Handle ID: 0x674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-secur32_31bf3856ad364e35_10.0.19041.1_none_9f10aaef0b855f59\secur32.dll Handle ID: 0x670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasmanservice_31bf3856ad364e35_10.0.19041.1_none_54aea3c5400609d4\rasmans.dll Handle ID: 0x718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_winpe-smi-schema_31bf3856ad364e35_10.0.19041.1_none_3714029056abf671\schema.dat Handle ID: 0x66c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-riched32_31bf3856ad364e35_10.0.19041.1_none_52f1c15a21f92b4b\riched20.dll Handle ID: 0x624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setup-events_31bf3856ad364e35_10.0.19041.1_none_0757c56fb730ee50\setupetw.dll Handle ID: 0x664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..rcluster-clientcore_31bf3856ad364e35_10.0.19041.1_none_473895efd7bd22ae\resutils.dll Handle ID: 0x67c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..onment-windows-base_31bf3856ad364e35_10.0.19041.1_none_1b06d4b9c9ff52aa\setbcdlocale.dll Handle ID: 0x678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sfc_31bf3856ad364e35_10.0.19041.1_none_5d26d0cffb8f2bf3\sfc.dll Handle ID: 0x688 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_10.0.19041.1_none_edfeefdf7878f58d\scecli.dll Handle ID: 0x6e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_10.0.19041.1_none_e12fdac08aa3b840\sfc.exe Handle ID: 0x990 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sfc_31bf3856ad364e35_10.0.19041.1_none_5d26d0cffb8f2bf3\sfc_os.dll Handle ID: 0x99c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.19041.1_none_a0a8212dcec26473\refsutil.exe Handle ID: 0x62c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_10.0.19041.1_none_d8075891f4a05d3c\schannel.dll Handle ID: 0x744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_10.0.19041.1_none_6f15f13727f830cc\scesrv.dll Handle ID: 0x9a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-spp-client_31bf3856ad364e35_10.0.19041.1_none_4c8dff3e4afd3865\slc.dll Handle ID: 0x984 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces_31bf3856ad364e35_10.0.19041.1_none_1c2a0fb54ce86e17\smphost.dll Handle ID: 0x6f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-snmp-common-api_31bf3856ad364e35_10.0.19041.1_none_e90d02a70e50225c\snmpapi.dll Handle ID: 0x9a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-softpub-dll_31bf3856ad364e35_10.0.19041.1_none_998514c21e4acb23\softpub.dll Handle ID: 0x994 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sechost_31bf3856ad364e35_10.0.19041.1_none_3db3ea616c53bd3a\sechost.dll Handle ID: 0x6ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smss-minwin_31bf3856ad364e35_10.0.19041.1_none_3451e3c68828f3da\smss.exe Handle ID: 0x988 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shlwapi_31bf3856ad364e35_10.0.19041.1_none_afcabf88440c71c5\shlwapi.dll Handle ID: 0x6e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_10.0.19041.1_none_67df66e1405214df\samsrv.dll Handle ID: 0x70c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shutdownux_31bf3856ad364e35_10.0.19041.1_none_92b981e540b9be1a\shutdownux.dll Handle ID: 0x6f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spfileq_31bf3856ad364e35_10.0.19041.1_none_2ad7e3b15f1bd143\spfileq.dll Handle ID: 0x740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-apis_31bf3856ad364e35_10.0.19041.1_none_8618dfed22edf4fa\smbwmiv2.dll Handle ID: 0x97c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-spp-installer_31bf3856ad364e35_10.0.19041.1_none_6cc7deb04799a6c2\sppinst.dll Handle ID: 0x9b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spinf_31bf3856ad364e35_10.0.19041.1_none_1391a44117cab095\spinf.dll Handle ID: 0x73c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver_31bf3856ad364e35_10.0.19041.1_none_aee5f67c8a39040c\sscore.dll Handle ID: 0x974 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.19041.1_none_f509d2f29c00c5f0\services.exe Handle ID: 0x9ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-local_31bf3856ad364e35_10.0.19041.1_none_69ebac9ae471d5da\rpcrt4.dll Handle ID: 0x6a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1_none_f35caf2131abed9a\sspisrv.dll Handle ID: 0x7f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-netapi_31bf3856ad364e35_10.0.19041.1_none_f69780c0efe91236\srvcli.dll Handle ID: 0x6f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..ion-legacy-stdole32_31bf3856ad364e35_10.0.19041.1_none_97c1bccbb75667d4\stdole32.tlb Handle ID: 0x65c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-spp-client_31bf3856ad364e35_10.0.19041.1_none_4c8dff3e4afd3865\sppc.dll Handle ID: 0x98c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\subst.exe Handle ID: 0x700 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ole-automation-stdole2_31bf3856ad364e35_10.0.19041.1_none_9ec7d0c7b852d04f\stdole2.tlb Handle ID: 0xcc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-swenumstreamci_31bf3856ad364e35_10.0.19041.1_none_75ea8c6db5441172\streamci.dll Handle ID: 0x9bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-svsvc_31bf3856ad364e35_10.0.19041.1_none_17a6e31f15350b24\svsvc.dll Handle ID: 0xd14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_a2c8d19f92a1cc22\SSShim.dll Handle ID: 0x968 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1_none_f35caf2131abed9a\sspicli.dll Handle ID: 0x96c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storprop_31bf3856ad364e35_10.0.19041.1_none_dc43c1fad0473bd8\Storprop.dll Handle ID: 0x690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shcore_31bf3856ad364e35_10.0.19041.1_none_7c64ea87c09326a1\SHCore.dll Handle ID: 0x970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.19041.1_none_6bac6724a4ab4460\svchost.exe Handle ID: 0x738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\sxshared.dll Handle ID: 0x68c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxssrv_31bf3856ad364e35_10.0.19041.1_none_1676e6f1569a7c76\sxssrv.dll Handle ID: 0x9b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs_31bf3856ad364e35_10.0.19041.1_none_643da99ff70141b5\sxstrace.exe Handle ID: 0x9b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-syssetup_31bf3856ad364e35_10.0.19041.1_none_26c19951371451d5\syssetup.dll Handle ID: 0x998 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_10.0.19041.1_none_0b6400a5af10cbc9\sysntfy.dll Handle ID: 0x6b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpsysprep_31bf3856ad364e35_10.0.19041.1_none_f7ae8900566fe5a3\sppnp.dll Handle ID: 0x63c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-rassstp_31bf3856ad364e35_10.0.19041.1_none_4fc2bd76874a036f\sstpsvc.dll Handle ID: 0x720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver_31bf3856ad364e35_10.0.19041.1_none_aee5f67c8a39040c\srvsvc.dll Handle ID: 0x728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\TCPSVCS.EXE Handle ID: 0x724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_10.0.19041.1_none_1fbbe97fdd3d84b7\rpcss.dll Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysclass_31bf3856ad364e35_10.0.19041.1_none_4f197ecd58b86218\sysclass.dll Handle ID: 0x714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-takeown_31bf3856ad364e35_10.0.19041.1_none_afdc734db4fba076\takeown.exe Handle ID: 0xce8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-timebroker_31bf3856ad364e35_10.0.19041.1_none_83aef3bf11beb273\TimeBrokerClient.dll Handle ID: 0x730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.19041.1_none_5f22b28b2f384ed0\TRACERT.EXE Handle ID: 0x95c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-tokenbinding_31bf3856ad364e35_10.0.19041.1_none_3310dd860975aa08\tokenbinding.dll Handle ID: 0xc94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\tree.com Handle ID: 0xc90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-legacytaskmanager_31bf3856ad364e35_10.0.19041.1_none_b9a47a3e029c0ac8\taskmgr.exe Handle ID: 0xd74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-timebroker_31bf3856ad364e35_10.0.19041.1_none_83aef3bf11beb273\TimeBrokerServer.dll Handle ID: 0xd70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tapi2xclient_31bf3856ad364e35_10.0.19041.1_none_7e6778bbdef42354\tapi32.dll Handle ID: 0xd6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_10.0.19041.1_none_cb3863f9a8ef975e\tzres.dll Handle ID: 0xd68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tssessionux-library_31bf3856ad364e35_10.0.19041.1_none_309a69a65df171cb\TSSessionUX.dll Handle ID: 0xd64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.19041.1_none_1776a3602eb73133\tcpipcfg.dll Handle ID: 0xd60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..stedsignal-credprov_31bf3856ad364e35_10.0.19041.1_none_845444c17a1aeb3b\TrustedSignalCredProv.dll Handle ID: 0xd5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.19041.1_none_597912734561c5f4\ucsvc.exe Handle ID: 0x680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..utilityexfatlibrary_31bf3856ad364e35_10.0.19041.1_none_dff07260dd9df225\uexfat.dll Handle ID: 0x9c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemeventsbroker_31bf3856ad364e35_10.0.19041.1_none_7e925158dcd948ee\SystemEventsBrokerServer.dll Handle ID: 0xd1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\swprv.dll Handle ID: 0x9c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smi-engine_31bf3856ad364e35_10.0.19041.1_none_4e063d17b240687b\SmiEngine.dll Handle ID: 0x660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..emutilityfatlibrary_31bf3856ad364e35_10.0.19041.1_none_0452fb18f9222ce6\ufat.dll Handle ID: 0x9e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pdc-dll_31bf3856ad364e35_10.0.19041.1_none_51cd9d3807c45a79\umpdc.dll Handle ID: 0x9e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls_31bf3856ad364e35_10.0.19041.1_none_d9072779f812c6f6\TtlsCfg.dll Handle ID: 0x9ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls_31bf3856ad364e35_10.0.19041.1_none_d9072779f812c6f6\TtlsAuth.dll Handle ID: 0xd78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.19041.1_none_adf98e02f565c8fe\unlodctr.exe Handle ID: 0x694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-textshaping_31bf3856ad364e35_10.0.19041.1_none_db5d40e9f0d72582\TextShaping.dll Handle ID: 0x9dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-umpnpmgr_31bf3856ad364e35_10.0.19041.1_none_d2e1ddf9ec9ef42c\umpnpmgr.dll Handle ID: 0xd88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\ureg.dll Handle ID: 0xd8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs_31bf3856ad364e35_10.0.19041.1_none_643da99ff70141b5\sxs.dll Handle ID: 0xd84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_10.0.19041.1_none_9f87655b8f0ae013\ulib.dll Handle ID: 0x9f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodepowerservice_31bf3856ad364e35_10.0.19041.1_none_13fb948debd0d967\umpo.dll Handle ID: 0xd80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_10.0.19041.1_none_9219c799710d7e86\userinit.exe Handle ID: 0xd7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setup-unattend_31bf3856ad364e35_10.0.19041.1_none_4ba5f79215148956\unattend.dll Handle ID: 0x9e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinitext_31bf3856ad364e35_10.0.19041.1_none_70c90297a2e629f9\userinitext.dll Handle ID: 0xd58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-system-user-ext_31bf3856ad364e35_10.0.19041.1_none_31520445be6f2b5c\usermgrcli.dll Handle ID: 0xd54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenv_31bf3856ad364e35_10.0.19041.1_none_463177f6eaa0601d\userenv.dll Handle ID: 0xd50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usp_31bf3856ad364e35_10.0.19041.1_none_62eb8691f7d9e6a9\usp10.dll Handle ID: 0xd4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_10.0.19041.1_none_c76ef769309c4dc2\utildll.dll Handle ID: 0xda8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\utcutil.dll Handle ID: 0xda4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-uxinit_31bf3856ad364e35_10.0.19041.1_none_1346fe218b9024fc\UXInit.dll Handle ID: 0xda0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..mutilityudfslibrary_31bf3856ad364e35_10.0.19041.1_none_a1b19e53fbe710d3\uudf.dll Handle ID: 0xd9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-system-user-component_31bf3856ad364e35_10.0.19041.1_none_1b2acc91da05ca90\UserMgrProxy.dll Handle ID: 0x9a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..mutilityntfslibrary_31bf3856ad364e35_10.0.19041.1_none_b4b4c550934ab15c\untfs.dll Handle ID: 0xd98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..tilityrefsv1library_31bf3856ad364e35_10.0.19041.1_none_c6027a04b7673956\uReFSv1.dll Handle ID: 0xd94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..mutilityrefslibrary_31bf3856ad364e35_10.0.19041.1_none_b1e9e2c3ee743677\uReFS.dll Handle ID: 0x9f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..tem-tracedatahelper_31bf3856ad364e35_10.0.19041.1_none_aafc5364aad00ff9\tdh.dll Handle ID: 0x9d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1_none_20dbe0239a0c22b4\vdsldr.exe Handle ID: 0x9d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ucrt_31bf3856ad364e35_10.0.19041.1_none_61b242cab8dd7003\ucrtbase.dll Handle ID: 0xc8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\ucrtbase.dll Handle ID: 0xc88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..virtualdiskprovider_31bf3856ad364e35_10.0.19041.1_none_b35f331385cac222\vdsvd.dll Handle ID: 0xdc8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..rvice-basicprovider_31bf3856ad364e35_10.0.19041.1_none_d336c6d0134b4f8a\vdsbas.dll Handle ID: 0xa08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1_none_20dbe0239a0c22b4\vdsutil.dll Handle ID: 0xdc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1_none_20dbe0239a0c22b4\vds_ps.dll Handle ID: 0xdc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-version_31bf3856ad364e35_10.0.19041.1_none_caef5cb2f043426f\version.dll Handle ID: 0xdd4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vhfapi_31bf3856ad364e35_10.0.19041.1_none_7fe9b9e50aa39619\VhfUm.dll Handle ID: 0xdd0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_10.0.19041.1_none_a353adcda7cf69e6\virtdisk.dll Handle ID: 0xddc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-driververifier-tools_31bf3856ad364e35_10.0.19041.1_none_76edadec5ba257b3\verifier.exe Handle ID: 0xdbc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-vpnikeapi_31bf3856ad364e35_10.0.19041.1_none_fbdcbee389599c98\vpnikeapi.dll Handle ID: 0xa0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-driververifier_31bf3856ad364e35_10.0.19041.1_none_705ce89b3c18ecc5\verifiergui.exe Handle ID: 0xdd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_10.0.19041.1_none_5bd5a857a5ed218d\uxtheme.dll Handle ID: 0xa04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssapi-core_31bf3856ad364e35_10.0.19041.1_none_902ac89bbb265a11\vsstrace.dll Handle ID: 0xdb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..ice-dynamicprovider_31bf3856ad364e35_10.0.19041.1_none_13ea39be4ff60bb5\vdsdyn.dll Handle ID: 0xdb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssproxystub_31bf3856ad364e35_10.0.19041.1_none_e6ad2dddc94ee56d\vss_ps.dll Handle ID: 0xdb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_10.0.19041.1_none_84ce53e99093d752\w32topl.dll Handle ID: 0xa00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-verifier_31bf3856ad364e35_10.0.19041.1_none_7ff642e6680af133\verifier.dll Handle ID: 0x9fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wallpaperhost_31bf3856ad364e35_10.0.19041.1_none_13f5052244ba101f\WallpaperHost.exe Handle ID: 0xd90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1_none_20dbe0239a0c22b4\vds.exe Handle ID: 0x9f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-protocol-component_31bf3856ad364e35_10.0.19041.1_none_976a18a40a1541a1\Websocket.dll Handle ID: 0xdac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-digest_31bf3856ad364e35_10.0.19041.1_none_f0be589b1c129a44\wdigest.dll Handle ID: 0xdfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pantherengine_31bf3856ad364e35_10.0.19041.1_none_64027d1445343e4f\wdscore.dll Handle ID: 0xa20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.1_none_d667bf99a541c264\werdiagcontroller.dll Handle ID: 0xdf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1_none_25f82a25dc26d7b4\WerEnc.dll Handle ID: 0xe08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.19041.1_none_832979c50cba05ad\user32.dll Handle ID: 0xa24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-system-user-service_31bf3856ad364e35_10.0.19041.1_none_41495716125a355a\usermgr.dll Handle ID: 0xe10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1_none_25f82a25dc26d7b4\WerFaultSecure.exe Handle ID: 0xe0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-time-service_31bf3856ad364e35_10.0.19041.1_none_3e9871330ca82baa\w32time.dll Handle ID: 0xa28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_10.0.19041.1_none_656368a8377f11e3\vpnike.dll Handle ID: 0xe04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.1_none_d667bf99a541c264\weretw.dll Handle ID: 0xa1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.1_none_d667bf99a541c264\wermgr.exe Handle ID: 0xdf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\wfapigp.dll Handle ID: 0xa10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.19041.1_none_3eecafedb43c1031\WimBootCompress.ini Handle ID: 0xe28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webio_31bf3856ad364e35_10.0.19041.1_none_12db47a17e10c0f7\webio.dll Handle ID: 0xe2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-feedback-service_31bf3856ad364e35_10.0.19041.1_none_2fbd00e530432624\wersvc.dll Handle ID: 0xa18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.0.19041.1_none_9ec5a037e1014fa5\urlmon.dll Handle ID: 0xa14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.19041.1_none_76c543231c2d8e03\wevtutil.exe Handle ID: 0xdec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1_none_25f82a25dc26d7b4\WerFault.exe Handle ID: 0xde8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog-api_31bf3856ad364e35_10.0.19041.1_none_62220fa004a7b8e2\wevtapi.dll Handle ID: 0xde4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..y-biometrics-client_31bf3856ad364e35_10.0.19041.1_none_6809ce232425e1f9\winbio.dll Handle ID: 0xde0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_6ee4873e39e4503b\win32u.dll Handle ID: 0xa3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.1_none_d667bf99a541c264\wer.dll Handle ID: 0xe40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.19041.1_none_3eecafedb43c1031\wimserv.exe Handle ID: 0xe3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_eae66734659b60d0\setupapi.dll Handle ID: 0xe38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-branding-engine_31bf3856ad364e35_10.0.19041.1_none_9f5ae62104c19365\winbrand.dll Handle ID: 0xe34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_6ee4873e39e4503b\win32k.sys Handle ID: 0xe30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wincredui_31bf3856ad364e35_10.0.19041.1_none_a6e5c22b9b05e853\wincredui.dll Handle ID: 0xa30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.19041.1_none_3eecafedb43c1031\wimgapi.dll Handle ID: 0xe24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webservices_31bf3856ad364e35_10.0.19041.1_none_c46d65bcce0fc64d\webservices.dll Handle ID: 0xe20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-system-remote_31bf3856ad364e35_10.0.19041.1_none_01fbef487c77f243\Windows.System.RemoteDesktop.dll Handle ID: 0xe68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..umaninterfacedevice_31bf3856ad364e35_10.0.19041.1_none_d661e88c4521c4bd\Windows.Devices.HumanInterfaceDevice.dll Handle ID: 0xe18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imageres-embedded_31bf3856ad364e35_10.0.19041.1_none_df1a04943ffc8859\imageres.dll Handle ID: 0xe14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.1_none_c3df43fac5e304be\wincorlib.dll Handle ID: 0xa2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fileexplorer-common_31bf3856ad364e35_10.0.19041.1_none_2342a6410b3d93e4\Windows.FileExplorer.Common.dll Handle ID: 0xe00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-windowsstorage-onecore_31bf3856ad364e35_10.0.19041.1_none_3d8fda155ea1164b\Windows.Storage.OneCore.dll Handle ID: 0xd48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..-ui-logon-proxystub_31bf3856ad364e35_10.0.19041.1_none_b21ae6ce61e4b93c\Windows.Internal.UI.Logon.ProxyStub.dll Handle ID: 0x71c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssapi-core_31bf3856ad364e35_10.0.19041.1_none_902ac89bbb265a11\vssapi.dll Handle ID: 0xd28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.winhttpcom_31bf3856ad364e35_5.1.19041.1_none_2583f6d83be26175\winhttpcom.dll Handle ID: 0x9c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininitext_31bf3856ad364e35_10.0.19041.1_none_4e7fa6f201777f76\wininitext.dll Handle ID: 0xd44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-creddialogcontroller_31bf3856ad364e35_10.0.19041.1_none_e2f5d71302a679c7\Windows.UI.CredDialogController.dll Handle ID: 0xa54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\winipsec.dll Handle ID: 0xa48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-uiautomationcore_31bf3856ad364e35_10.0.19041.1_none_6609a122e1796b0b\UIAutomationCore.dll Handle ID: 0xe80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-ext_31bf3856ad364e35_10.0.19041.1_none_3990ef4a132546c8\winlogonext.dll Handle ID: 0xa50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..o-mmecore-winmmbase_31bf3856ad364e35_10.0.19041.1_none_d23d391ffec1befe\winmm.dll Handle ID: 0xe88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_10.0.19041.1_none_20a93e5d48a3484c\winnlsres.dll Handle ID: 0xa58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_2853306366d1671d\winnsi.dll Handle ID: 0xe84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe-background_31bf3856ad364e35_10.0.19041.1_none_32b01a295792e055\winpe.jpg Handle ID: 0xe9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_10.0.19041.1_none_6bd0c9bdf10da202\winmmbase.dll Handle ID: 0xe98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools_31bf3856ad364e35_10.0.19041.1_none_b0f0b064d63d511a\winpeshl.exe Handle ID: 0xe90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_10.0.19041.1_none_e6e3c652a3ae2d1d\wininit.exe Handle ID: 0xea0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..cardsubsystemclient_31bf3856ad364e35_10.0.19041.1_none_ced587c718f6befa\WinSCard.dll Handle ID: 0xe7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog_31bf3856ad364e35_10.0.19041.1_none_92b5699db236b5ff\wevtsvc.dll Handle ID: 0xd40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.19041.1_none_745ae7f5de0c5438\winhttp.dll Handle ID: 0xd3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_10.0.19041.1_none_ba760ff196b881e4\winsockhc.dll Handle ID: 0xd38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.19041.1_none_25b40e9a744f0270\winlogon.exe Handle ID: 0xd34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-branding-engine_31bf3856ad364e35_10.0.19041.1_none_9f5ae62104c19365\winsku.dll Handle ID: 0xd30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.1_none_18207bac374ef9df\windowsperformancerecordercontrol.dll Handle ID: 0xd2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsrv_31bf3856ad364e35_10.0.19041.1_none_6c6fa4263bb2bc26\winsrv.dll Handle ID: 0xa68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsrvext_31bf3856ad364e35_10.0.19041.1_none_7deda8bd79cb100b\winsrvext.dll Handle ID: 0xe1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1_none_1117c7b60c0466c3\winload.exe Handle ID: 0xa38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ment-windows-minwin_31bf3856ad364e35_10.0.19041.1_none_05dcb3de9b5c150b\winload.exe Handle ID: 0xa40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wintrust-dll_31bf3856ad364e35_10.0.19041.1_none_a59f4749396e6b7e\wintrust.dll Handle ID: 0xa44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_10.0.19041.1_none_92d0fce86b5e6c76\winsta.dll Handle ID: 0xa5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanutil_31bf3856ad364e35_10.0.19041.1_none_f108c0bead67c531\wlanutil.dll Handle ID: 0x750 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1_none_1117c7b60c0466c3\winresume.exe Handle ID: 0xea4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.19041.1_none_1f29a4ae2c282494\winresume.exe Handle ID: 0xe8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_10.0.19041.1_none_4c72c4fe407ba476\WindowsCodecs.dll Handle ID: 0xa4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_10.0.19041.1_none_491f03a2b80b5701\winspool.drv Handle ID: 0xe6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmistub_31bf3856ad364e35_10.0.19041.1_none_53b3552e52e466fe\wmi.dll Handle ID: 0xe78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ationservice-netapi_31bf3856ad364e35_10.0.19041.1_none_2b6c643e548ec657\wkscli.dll Handle ID: 0xe74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-wmiclnt_31bf3856ad364e35_10.0.19041.1_none_abe6c2792f59f2e7\wmiclnt.dll Handle ID: 0xec0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ropertypageprovider_31bf3856ad364e35_10.0.19041.1_none_390208341c5e5ae6\wmiprop.dll Handle ID: 0x804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_10.0.19041.1_none_e6e3c652a3ae2d1d\wmsgapi.dll Handle ID: 0xebc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wofutil_31bf3856ad364e35_10.0.19041.1_none_41180bf7abb4de2d\WofUtil.dll Handle ID: 0xa74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1_none_1117c7b60c0466c3\winload.efi Handle ID: 0xa6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ment-windows-minwin_31bf3856ad364e35_10.0.19041.1_none_05dcb3de9b5c150b\winload.efi Handle ID: 0xa70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1_none_1117c7b60c0466c3\winresume.efi Handle ID: 0xeb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.19041.1_none_1f29a4ae2c282494\winresume.efi Handle ID: 0xeb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_eae66734659b60d0\wowreg32.exe Handle ID: 0xeb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ci-wldp-dll_31bf3856ad364e35_10.0.19041.1_none_4af57b1829d0fc36\wldp.dll Handle ID: 0x644 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools_31bf3856ad364e35_10.0.19041.1_none_b0f0b064d63d511a\wpeutil.exe Handle ID: 0xed8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.1_none_18207bac374ef9df\wpr.config.xml Handle ID: 0xed4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools_31bf3856ad364e35_10.0.19041.1_none_b0f0b064d63d511a\wpeinit.exe Handle ID: 0xed0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_10.0.19041.1_none_ba760ff196b881e4\ws2help.dll Handle ID: 0x74c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-workstationservice_31bf3856ad364e35_10.0.19041.1_none_822b2571762f47ef\wkssvc.dll Handle ID: 0xecc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools_31bf3856ad364e35_10.0.19041.1_none_b0f0b064d63d511a\wpeutil.dll Handle ID: 0xec8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_8d8c2e85b98ddf69\wshhyperv.dll Handle ID: 0x69c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_10.0.19041.1_none_ba760ff196b881e4\wshelper.dll Handle ID: 0xec4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ldap-client_31bf3856ad364e35_10.0.19041.1_none_a92d551af5c93a56\Wldap32.dll Handle ID: 0xe70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_10.0.19041.1_none_81a41345d0e50bd5\wship6.dll Handle ID: 0xe64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_10.0.19041.1_none_81a41345d0e50bd5\WSHTCPIP.DLL Handle ID: 0xe60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-legacy_31bf3856ad364e35_10.0.19041.1_none_9956442cb0e4454b\wsock32.dll Handle ID: 0xef8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..g-onesettingsclient_31bf3856ad364e35_10.0.19041.1_none_401c1484642ad7b2\wosc.dll Handle ID: 0x818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..services-publicapis_31bf3856ad364e35_10.0.19041.1_none_7d21f8e165b2c296\wtsapi32.dll Handle ID: 0x814 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-xcopy_31bf3856ad364e35_10.0.19041.1_none_18e6b82c93a9c5f6\xcopy.exe Handle ID: 0xf00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_841b2dcf703e01c1\comctl32.dll.mui Handle ID: 0xf08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-cmiplugin_31bf3856ad364e35_10.0.19041.1_none_72f39a6acb655331\wmicmiplugin.dll Handle ID: 0xf04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_819c34ef9c4b059f\cdosys.dll.mui Handle ID: 0x654 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32kbase_31bf3856ad364e35_10.0.19041.1_none_6467534c061ae30a\win32kbase.sys Handle ID: 0xefc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_23d6081ee1065300\fms.dll.mui Handle ID: 0xe5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_2a5b0f5860be5318\comctl32.dll.mui Handle ID: 0xe54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_a7940cd7ed29ac79\mlang.dll.mui Handle ID: 0xe50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.1_none_18207bac374ef9df\wpr.exe Handle ID: 0xe4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_0c47983f4a48e577\comdlg32.dll.mui Handle ID: 0xe48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.19041.1_none_cc4e22eec8cdf1a0\winsqlite3.dll Handle ID: 0xe44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_ca15e9a7d186a457\fms.dll.mui Handle ID: 0xc84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_4dd3ee60dda9fdd0\mlang.dll.mui Handle ID: 0xc80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-xmllite_31bf3856ad364e35_10.0.19041.1_none_3f2c8c1642ac14b2\xmllite.dll Handle ID: 0x18a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_68735a12391b6597\msimsg.dll.mui Handle ID: 0x18ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_10.0.19041.1_none_a8a8be466db38c3f\ws2_32.dll Handle ID: 0x18b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_b28779c83ac936ce\comdlg32.dll.mui Handle ID: 0x18b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_0eb33b9b299bb6ee\msimsg.dll.mui Handle ID: 0x7fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_10.0.19041.1_none_5668fec1a41d6ac1\driver.stl Handle ID: 0x18b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..egrity-driverpolicy_31bf3856ad364e35_10.0.19041.1_none_6a270ae8836eb4ca\driversipolicy.p7b Handle ID: 0x18bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.1_none_c3df43fac5e304be\WinTypes.dll Handle ID: 0x18c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_6ee4873e39e4503b\win32kfull.sys Handle ID: 0x18c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_d56485f34e462f43\comctl32.dll.mui Handle ID: 0x18d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_751f6042bf0e8082\fms.dll.mui Handle ID: 0x18d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_d9f8f0a4b1540e6d\msprivs.dll.mui Handle ID: 0x18d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_f8dd64fbcb31d9fb\mlang.dll.mui Handle ID: 0xf5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_d2e58d137a533321\cdosys.dll.mui Handle ID: 0xf58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_da-dk_729e661a448c2b42\comctl32.dll.mui Handle ID: 0xf64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_da-dk_12594069b5547c81\fms.dll.mui Handle ID: 0xf68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_5d90f063285112f9\comdlg32.dll.mui Handle ID: 0xf4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_da-dk_701f6d3a70992f20\cdosys.dll.mui Handle ID: 0xf48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_da-dk_7732d0cba79a0a6c\msprivs.dll.mui Handle ID: 0xf44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_b9bcb23617239319\msimsg.dll.mui Handle ID: 0xf40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_da-dk_96174522c177d5fa\mlang.dll.mui Handle ID: 0xf3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_de-de_6fc9fb5646627fdc\comctl32.dll.mui Handle ID: 0xf78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_da-dk_facad08a1e970ef8\comdlg32.dll.mui Handle ID: 0xf80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.19041.1_none_22216f24538098e3\ntoskrnl.exe Handle ID: 0xf8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_de-de_0f84d5a5b72ad11b\fms.dll.mui Handle ID: 0xf88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_de-de_745e6607a9705f06\msprivs.dll.mui Handle ID: 0xf84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_de-de_6d4b0276726f83ba\cdosys.dll.mui Handle ID: 0xf74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_de-de_9342da5ec34e2a94\mlang.dll.mui Handle ID: 0xf70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-provisioningxml_31bf3856ad364e35_10.0.19041.1_none_bd9b9842d29858e9\wpx.dll Handle ID: 0xf6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_da-dk_56f6925d0d698f18\msimsg.dll.mui Handle ID: 0xf60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.StandardCollector.ServiceRes.dll Handle ID: 0x18dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.StandardCollector.Proxy.dll Handle ID: 0x18e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_de-de_f7f665c6206d6392\comdlg32.dll.mui Handle ID: 0x18e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_de-de_542227990f3fe3b2\msimsg.dll.mui Handle ID: 0x18e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.Packaging.dll Handle ID: 0x18ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.StandardCollector.Service.exe Handle ID: 0x18f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\KernelTraceControl.dll Handle ID: 0x18f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\DismHost.exe Handle ID: 0x18f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\DismCorePS.dll Handle ID: 0x18fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\FolderProvider.dll Handle ID: 0x1900 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.StandardCollector.Runtime.dll Handle ID: 0x1904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\DismProv.dll Handle ID: 0x1908 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\DismCore.dll Handle ID: 0x190c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32_31bf3856ad364e35_10.0.19041.1_none_221a3861b159743a\shell32.dll Handle ID: 0x1910 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\LogProvider.dll Handle ID: 0x1914 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\GenericProvider.dll Handle ID: 0x1918 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\ImagingProvider.dll Handle ID: 0x191c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\OSProvider.dll Handle ID: 0x1920 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\OfflineSetupProvider.dll Handle ID: 0x1924 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\DmiProvider.dll Handle ID: 0x1928 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\IntlProvider.dll Handle ID: 0x192c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-base-util-l1-1-0.dll Handle ID: 0x1930 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_8deab740314165ae\api-ms-win-core-com-l1-1-0.dll Handle ID: 0x1934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-comm-l1-1-0.dll Handle ID: 0x1938 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..-winproviders-winpe_31bf3856ad364e35_10.0.19041.1_none_d4a0bf5d69b223c4\PEProvider.dll Handle ID: 0x193c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-console-l1-1-0.dll Handle ID: 0x80c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-datetime-l1-1-0.dll Handle ID: 0x84c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-datetime-l1-1-1.dll Handle ID: 0xfbc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-debug-l1-1-0.dll Handle ID: 0xfb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-debug-l1-1-1.dll Handle ID: 0xfc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-delayload-l1-1-0.dll Handle ID: 0xfc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-errorhandling-l1-1-0.dll Handle ID: 0xa7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-errorhandling-l1-1-1.dll Handle ID: 0xa78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-fibers-l1-1-0.dll Handle ID: 0x830 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-fibers-l1-1-1.dll Handle ID: 0x1940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-file-l1-2-0.dll Handle ID: 0x1944 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-file-l1-1-0.dll Handle ID: 0x1948 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-file-l1-2-1.dll Handle ID: 0x194c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-file-l2-1-0.dll Handle ID: 0x1950 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-file-l2-1-1.dll Handle ID: 0x1954 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\UnattendProvider.dll Handle ID: 0x1958 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-handle-l1-1-0.dll Handle ID: 0x195c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\SmiProvider.dll Handle ID: 0xfec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\FfuProvider.dll Handle ID: 0xfe8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-heap-l1-1-0.dll Handle ID: 0xedc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll Handle ID: 0xfe4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-interlocked-l1-1-0.dll Handle ID: 0xfe0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-io-l1-1-0.dll Handle ID: 0xfdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-io-l1-1-1.dll Handle ID: 0xfd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-kernel32-legacy-l1-1-1.dll Handle ID: 0xfd4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-kernel32-legacy-l1-1-0.dll Handle ID: 0xfd0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll Handle ID: 0x850 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll Handle ID: 0x1004 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-libraryloader-l1-1-0.dll Handle ID: 0xa84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-libraryloader-l1-1-1.dll Handle ID: 0xa90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-localization-l1-2-1.dll Handle ID: 0x854 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-localization-l1-2-0.dll Handle ID: 0xfcc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\API-MS-Win-core-localization-obsolete-l1-2-0.dll Handle ID: 0xa80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-memory-l1-1-0.dll Handle ID: 0x858 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-memory-l1-1-1.dll Handle ID: 0xffc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-memory-l1-1-2.dll Handle ID: 0xff8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-namedpipe-l1-1-0.dll Handle ID: 0xff4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-privateprofile-l1-1-0.dll Handle ID: 0xff0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-privateprofile-l1-1-1.dll Handle ID: 0x1960 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processenvironment-l1-1-0.dll Handle ID: 0x1964 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processenvironment-l1-2-0.dll Handle ID: 0x1968 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processthreads-l1-1-0.dll Handle ID: 0x196c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processthreads-l1-1-1.dll Handle ID: 0x1970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processthreads-l1-1-2.dll Handle ID: 0x1974 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\CbsProvider.dll Handle ID: 0x1978 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-processtopology-obsolete-l1-1-0.dll Handle ID: 0x197c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-profile-l1-1-0.dll Handle ID: 0x1980 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-realtime-l1-1-0.dll Handle ID: 0x1984 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-registry-l1-1-0.dll Handle ID: 0x1988 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-registry-l2-1-0.dll Handle ID: 0x198c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-rtlsupport-l1-1-0.dll Handle ID: 0x1990 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll Handle ID: 0x1994 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-shutdown-l1-1-0.dll Handle ID: 0x1998 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-shlwapi-legacy-l1-1-0.dll Handle ID: 0x199c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-string-l1-1-0.dll Handle ID: 0x19a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-string-l2-1-0.dll Handle ID: 0x19a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-string-obsolete-l1-1-0.dll Handle ID: 0x1054 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-stringansi-l1-1-0.dll Handle ID: 0x19a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-stringloader-l1-1-1.dll Handle ID: 0x19ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-synch-l1-2-0.dll Handle ID: 0x19b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-synch-l1-1-0.dll Handle ID: 0x19b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-sysinfo-l1-1-0.dll Handle ID: 0xab8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-sysinfo-l1-2-0.dll Handle ID: 0x1060 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-sysinfo-l1-2-1.dll Handle ID: 0x105c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-threadpool-l1-2-0.dll Handle ID: 0xab4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-threadpool-legacy-l1-1-0.dll Handle ID: 0x1058 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-threadpool-private-l1-1-0.dll Handle ID: 0x1050 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-timezone-l1-1-0.dll Handle ID: 0xab0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-util-l1-1-0.dll Handle ID: 0x1048 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-url-l1-1-0.dll Handle ID: 0x104c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-version-l1-1-0.dll Handle ID: 0x1044 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-wow64-l1-1-0.dll Handle ID: 0xaac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-xstate-l1-1-0.dll Handle ID: 0x1040 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-xstate-l2-1-0.dll Handle ID: 0x103c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-conio-l1-1-0.dll Handle ID: 0x1038 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-environment-l1-1-0.dll Handle ID: 0xaa8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-convert-l1-1-0.dll Handle ID: 0xaa4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-heap-l1-1-0.dll Handle ID: 0x1024 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-filesystem-l1-1-0.dll Handle ID: 0x1034 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-locale-l1-1-0.dll Handle ID: 0x1030 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-process-l1-1-0.dll Handle ID: 0x1018 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-math-l1-1-0.dll Handle ID: 0xa64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-multibyte-l1-1-0.dll Handle ID: 0xa9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-runtime-l1-1-0.dll Handle ID: 0xaa0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-stdio-l1-1-0.dll Handle ID: 0x102c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-time-l1-1-0.dll Handle ID: 0x1028 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-utility-l1-1-0.dll Handle ID: 0x1020 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-string-l1-1-0.dll Handle ID: 0x101c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-devices-config-L1-1-0.dll Handle ID: 0x1014 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-devices-config-L1-1-1.dll Handle ID: 0x1010 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll Handle ID: 0xa98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\api-ms-win-eventing-consumer-l1-1-0.dll Handle ID: 0x100c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\API-MS-Win-Eventing-Controller-L1-1-0.dll Handle ID: 0x1008 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Eventing-Legacy-L1-1-0.dll Handle ID: 0xa94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Eventing-Provider-L1-1-0.dll Handle ID: 0xfc8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-EventLog-Legacy-L1-1-0.dll Handle ID: 0xfb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Security-Lsalookup-L2-1-0.dll Handle ID: 0xfb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\api-ms-win-security-cryptoapi-l1-1-0.dll Handle ID: 0xfac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Security-Lsalookup-L2-1-1.dll Handle ID: 0x820 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-security-base-l1-1-0.dll Handle ID: 0x810 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\API-MS-Win-security-lsapolicy-l1-1-0.dll Handle ID: 0x848 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-private-l1-1-0.dll Handle ID: 0xf50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-security-provider-L1-1-0.dll Handle ID: 0x620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\api-ms-win-security-sddl-l1-1-0.dll Handle ID: 0x7f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-core-l1-1-0.dll Handle ID: 0x684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-core-l1-1-1.dll Handle ID: 0x7f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-management-l1-1-0.dll Handle ID: 0x9d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-management-l2-1-0.dll Handle ID: 0x844 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-private-l1-1-0.dll Handle ID: 0x834 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-private-l1-1-1.dll Handle ID: 0x10fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-winsvc-l1-1-0.dll Handle ID: 0x10f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f70e304c2189961c\api-ms-win-shcore-stream-l1-1-0.dll Handle ID: 0xaf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\VhdProvider.dll Handle ID: 0xfa8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\ProvProvider.dll Handle ID: 0x840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\WimProvider.dll Handle ID: 0xf9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-acpiex_31bf3856ad364e35_10.0.19041.1_none_eabbb32778568ee1\acpiex.sys Handle ID: 0xf98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_10.0.19041.1_none_656368a8377f11e3\agilevpn.sys Handle ID: 0xf90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_10.0.19041.1_none_da48dc66d436c4ea\asyncmac.sys Handle ID: 0xf38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-acx-classextension_31bf3856ad364e35_10.0.19041.1_none_603af04756940675\Acx01000.sys Handle ID: 0xf24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bowser_31bf3856ad364e35_10.0.19041.1_none_dc509a77c39e1813\bowser.sys Handle ID: 0x5bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdfs_31bf3856ad364e35_10.0.19041.1_none_5c58a092bc516f41\cdfs.sys Handle ID: 0xf1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cmi_31bf3856ad364e35_10.0.19041.1_none_5fbf57cbf9e86514\cmiv2.dll Handle ID: 0xf14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventaggregation_31bf3856ad364e35_10.0.19041.1_none_63a798d6bc80e6c3\CEA.sys Handle ID: 0x5b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_10.0.19041.1_none_8dd95015fdcaa5cb\afd.sys Handle ID: 0xef0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..m-initmachineconfig_31bf3856ad364e35_10.0.19041.1_none_8c7d59649b9010b9\cmimcext.sys Handle ID: 0x748 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.19041.1_none_ebcb7bd9ac0a7638\wininet.dll Handle ID: 0xee0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-console-driver_31bf3856ad364e35_10.0.19041.1_none_bda6d8de6d326289\condrv.sys Handle ID: 0xa60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-crashdump_31bf3856ad364e35_10.0.19041.1_none_5b7e6b42b633893e\crashdmp.sys Handle ID: 0xd24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskdump_31bf3856ad364e35_10.0.19041.1_none_1caf439036a3b758\Diskdump.sys Handle ID: 0xd20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dumpusbstor_31bf3856ad364e35_10.0.19041.1_none_9739b5dd0fd1ea77\Dmpusbstor.sys Handle ID: 0xe94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dumpata_31bf3856ad364e35_10.0.19041.1_none_1f2f2b820d66819f\Dumpata.sys Handle ID: 0x1198 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-classpnp-minwin_31bf3856ad364e35_10.0.19041.1_none_c4a2c41a8ca495de\Classpnp.sys Handle ID: 0xb30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-commonlog_31bf3856ad364e35_10.0.19041.1_none_3473a830c6e98c70\clfs.sys Handle ID: 0x11a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_10.0.19041.1_none_3d8b3b6185796b59\dfsc.sys Handle ID: 0x119c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dumpstorport_31bf3856ad364e35_10.0.19041.1_none_ede32bc4ec2191f4\Dumpstorport.sys Handle ID: 0x11a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__mi..tartup-filterdriver_31bf3856ad364e35_10.0.19041.1_none_1ad26604d92628d1\dumpfve.sys Handle ID: 0x11a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cng_31bf3856ad364e35_10.0.19041.1_none_5edc32a7fa7a75a7\cng.sys Handle ID: 0xb04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.1_none_61b9a62282ea4bf7\dxgmms1.sys Handle ID: 0x11b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filebasedwritefilter_31bf3856ad364e35_10.0.19041.1_none_7451610a8fd1f391\fbwf.sys Handle ID: 0xb00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-exfat_31bf3856ad364e35_10.0.19041.1_none_0b57ec97b88919cf\exfat.sys Handle ID: 0xb3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fileinfominifilter_31bf3856ad364e35_10.0.19041.1_none_8ca608a8d0ab598e\fileinfo.sys Handle ID: 0x11ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ependencyminifilter_31bf3856ad364e35_10.0.19041.1_none_e044076f26d88682\fsdepends.sys Handle ID: 0x11b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coreos-minwin_31bf3856ad364e35_10.0.19041.1_none_0c74dc47cdc0c489\fs_rec.sys Handle ID: 0xb44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l..-security-processor_31bf3856ad364e35_10.0.19041.1_none_753573cf4f16bfb8\ClipSp.sys Handle ID: 0xafc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fat_31bf3856ad364e35_10.0.19041.1_none_64a43903f6c1af5a\fastfat.sys Handle ID: 0x11b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.1_none_61b9a62282ea4bf7\dxgmms2.sys Handle ID: 0x11cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filtermanager-core_31bf3856ad364e35_10.0.19041.1_none_c6fa8075ca299800\fltMgr.sys Handle ID: 0xb40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hardware-policy_31bf3856ad364e35_10.0.19041.1_none_b8115bbc4932577a\hwpolicy.sys Handle ID: 0xb54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__mi..r-v-socket-provider_31bf3856ad364e35_10.0.19041.1_none_374e55df01fa604b\hvsocket.sys Handle ID: 0x11f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver_31bf3856ad364e35_10.0.19041.1_none_8de99335568c2092\FWPKCLNT.SYS Handle ID: 0x1210 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__mi..tartup-filterdriver_31bf3856ad364e35_10.0.19041.1_none_1ad26604d92628d1\fvevol.sys Handle ID: 0x1188 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreamingthunk_31bf3856ad364e35_10.0.19041.1_none_e86a349cb6e47170\ksthunk.sys Handle ID: 0x1184 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1_none_f35caf2131abed9a\ksecdd.sys Handle ID: 0x117c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_10.0.19041.1_none_5c3b9845fc28beb1\ksecpkg.sys Handle ID: 0xb24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.h..changer-driverclass_31bf3856ad364e35_10.0.19041.1_none_7e96789e6617c214\mcd.sys Handle ID: 0x1168 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..pointmanager-minwin_31bf3856ad364e35_10.0.19041.1_none_864c9e3e6c9f9e12\mountmgr.sys Handle ID: 0xb18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-drv_31bf3856ad364e35_10.0.19041.1_none_5863a83061dcb77c\mpsdrv.sys Handle ID: 0x1150 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_10.0.19041.1_none_0d71cfdb3541a1c8\ks.sys Handle ID: 0xb10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mshidkmdf_31bf3856ad364e35_10.0.19041.1_none_f66d51e010863068\mshidkmdf.sys Handle ID: 0xb14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msfs_31bf3856ad364e35_10.0.19041.1_none_5c614dbebc49ed16\msfs.sys Handle ID: 0x114c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_10.0.19041.1_none_17e5c8a57a1936af\mspclock.sys Handle ID: 0x1144 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_10.0.19041.1_none_0d71cfdb3541a1c8\mskssrv.sys Handle ID: 0xb0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_10.0.19041.1_none_17e5c8a57a1936af\mspqm.sys Handle ID: 0x1140 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gpio-class-extension_31bf3856ad364e35_10.0.19041.1_none_a1cbf947f3a46687\msgpioclx.sys Handle ID: 0x113c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_10.0.19041.1_none_40cc031f29236771\mrxsmb20.sys Handle ID: 0x1138 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_10.0.19041.1_none_17e5c8a57a1936af\mstee.sys Handle ID: 0x1134 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecore-winrt-storage_31bf3856ad364e35_10.0.19041.1_none_9a20dfaabca58b11\windows.storage.dll Handle ID: 0x1290 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-core_31bf3856ad364e35_10.0.19041.1_none_e7d7871a6376ff0e\ndistapi.sys Handle ID: 0xba4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mup_31bf3856ad364e35_10.0.19041.1_none_62e356b1f7e14f33\mup.sys Handle ID: 0x129c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis-virtualbus_31bf3856ad364e35_10.0.19041.1_none_1153eeecbb78ada1\NdisVirtualBus.sys Handle ID: 0x1298 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndisuio_31bf3856ad364e35_10.0.19041.1_none_21e21547863ba45c\ndisuio.sys Handle ID: 0xbac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-kernel_31bf3856ad364e35_10.0.19041.1_none_74fd915921441a6a\msrpc.sys Handle ID: 0xba8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_10.0.19041.1_none_35827ab8f07af59e\mrxsmb.sys Handle ID: 0x12a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbios_31bf3856ad364e35_10.0.19041.1_none_0fd2c5ae0a7cd53b\netbios.sys Handle ID: 0x12a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-core_31bf3856ad364e35_10.0.19041.1_none_e7d7871a6376ff0e\ndproxy.sys Handle ID: 0xbb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winquic_31bf3856ad364e35_10.0.19041.1_none_df0a4eeaa8c1710f\msquic.sys Handle ID: 0x12ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_10.0.19041.1_none_a9299e44f6a84ec9\ndiswan.sys Handle ID: 0x12b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_2853306366d1671d\nsiproxy.sys Handle ID: 0x12b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-null_31bf3856ad364e35_10.0.19041.1_none_5f56fb00ba5a9142\null.sys Handle ID: 0x12bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-npfs_31bf3856ad364e35_10.0.19041.1_none_5c629260bc48b98a\npfs.sys Handle ID: 0x12c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntosext_31bf3856ad364e35_10.0.19041.1_none_89e4438cceba3f44\ntosext.sys Handle ID: 0xbb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..wdf-class-extension_31bf3856ad364e35_10.0.19041.1_none_3ece2840a591ddbe\NetAdapterCx.sys Handle ID: 0xbb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-http_31bf3856ad364e35_10.0.19041.1_none_62b209ccb8387393\http.sys Handle ID: 0x12c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbt-minwin_31bf3856ad364e35_10.0.19041.1_none_a19d8ec5773d4c59\netbt.sys Handle ID: 0x12e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pcw_31bf3856ad364e35_10.0.19041.1_none_6602a3e1f5dded97\pcw.sys Handle ID: 0x7ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-portcfg_31bf3856ad364e35_10.0.19041.1_none_e08628635c2267bc\portcfg.sys Handle ID: 0x128c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-partitionmanager_31bf3856ad364e35_10.0.19041.1_none_978d210f59cd170e\partmgr.sys Handle ID: 0x12f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pdc-mw_31bf3856ad364e35_10.0.19041.1_none_d8c3201e0c8a5167\pdc.sys Handle ID: 0x12f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ram-disk-driver_31bf3856ad364e35_10.0.19041.1_none_c051ee891e045c04\ramdisk.sys Handle ID: 0x1304 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.1_none_c5cb0c3a04b0a5de\rasacd.sys Handle ID: 0xb9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-raspppoe_31bf3856ad364e35_10.0.19041.1_none_0c2491a439f55f8f\raspppoe.sys Handle ID: 0x1310 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_10.0.19041.1_none_0c8c7a5954ab0dda\netio.sys Handle ID: 0x7a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_10.0.19041.1_none_4fcd5a20874bd0c1\rasl2tp.sys Handle ID: 0x1314 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_10.0.19041.1_none_4fe02c5c87346397\raspptp.sys Handle ID: 0x131c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..ase-rassstp-coresys_31bf3856ad364e35_10.0.19041.1_none_315ffa5b81f6a9a8\rassstp.sys Handle ID: 0x1324 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ymanagementservices_31bf3856ad364e35_10.0.19041.1_none_a965d346967271f3\sacdrv.sys Handle ID: 0x132c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.s..se.scsi_port_driver_31bf3856ad364e35_10.0.19041.1_none_9b713b66c97c53c5\scsiport.sys Handle ID: 0x7a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sdport_31bf3856ad364e35_10.0.19041.1_none_dd5ddf055642a76f\sdport.sys Handle ID: 0x1308 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-serial-classextension_31bf3856ad364e35_10.0.19041.1_none_ec05bfb3f8911367\SerCx.sys Handle ID: 0x12ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rdbss_31bf3856ad364e35_10.0.19041.1_none_0fc5e55000c6f60f\rdbss.sys Handle ID: 0x1344 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sleepstudyhelper_31bf3856ad364e35_10.0.19041.1_none_2c3619f0539aa9d3\SleepStudyHelper.sys Handle ID: 0x7b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.s...smart_card_library_31bf3856ad364e35_10.0.19041.1_none_aff4ba7b87150d94\smclib.sys Handle ID: 0x1318 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.1_none_61b9a62282ea4bf7\dxgkrnl.sys Handle ID: 0x1288 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..l-classextension-v2_31bf3856ad364e35_10.0.19041.1_none_f3d28f7109310cd8\SerCx2.sys Handle ID: 0x1130 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spb-classextension_31bf3856ad364e35_10.0.19041.1_none_6fe049417df680da\SpbCx.sys Handle ID: 0x1128 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_10.0.19041.1_none_0f468bb8c7699238\ndis.sys Handle ID: 0x8d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs-v1_31bf3856ad364e35_10.0.19041.1_none_0815fcad3e97a0f7\refsv1.sys Handle ID: 0x135c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storage-qos-filter_31bf3856ad364e35_10.0.19041.1_none_ff9700c950ae3c03\storqosflt.sys Handle ID: 0x1360 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_10.0.19041.1_none_b9c73bb7af849d32\srvnet.sys Handle ID: 0x8dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.h..pedrive-driverclass_31bf3856ad364e35_10.0.19041.1_none_481addfb5cac00db\tape.sys Handle ID: 0x136c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-streamclass_31bf3856ad364e35_10.0.19041.1_none_1455a334d70035f7\stream.sys Handle ID: 0x1368 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tdi-driver_31bf3856ad364e35_10.0.19041.1_none_1cdf560fd553ffa5\tdi.sys Handle ID: 0x1364 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_10.0.19041.1_none_a02ed5cf7b732f32\tdx.sys Handle ID: 0x138c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tm_31bf3856ad364e35_10.0.19041.1_none_030656e323303a3e\tm.sys Handle ID: 0x8c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usb-ude-classextension_31bf3856ad364e35_10.0.19041.1_none_945b34440635663e\Udecx.sys Handle ID: 0x1384 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ucx-classextension_31bf3856ad364e35_10.0.19041.1_none_7ad3e75c3ea3b541\Ucx01000.sys Handle ID: 0x1370 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_10.0.19041.1_none_8fdda6f295d93a41\srv2.sys Handle ID: 0x13bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storport_31bf3856ad364e35_10.0.19041.1_none_dd6d5c2ccf8c6c4e\storport.sys Handle ID: 0x13c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-videoport_31bf3856ad364e35_10.0.19041.1_none_720b5996a3c20047\videoprt.sys Handle ID: 0x13dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-udfs_31bf3856ad364e35_10.0.19041.1_none_5c6aa5c6bc41375f\udfs.sys Handle ID: 0x13e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1_none_29421b2ffbc5ca5c\vmbkmcl.sys Handle ID: 0x13e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs_31bf3856ad364e35_10.0.19041.1_none_5c678e20bc4404fb\refs.sys Handle ID: 0x13fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-watchdog_31bf3856ad364e35_10.0.19041.1_none_1659f5c048d9982c\watchdog.sys Handle ID: 0x13e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-core_31bf3856ad364e35_10.0.19041.1_none_e7d7871a6376ff0e\wanarp.sys Handle ID: 0x13cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-driververifier-xdv_31bf3856ad364e35_10.0.19041.1_none_0c9b9f6e3d7d334c\VerifierExt.sys Handle ID: 0x8c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntfs_31bf3856ad364e35_10.0.19041.1_none_5c623740bc49200e\ntfs.sys Handle ID: 0x8a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.19041.1_none_3eecafedb43c1031\wimmount.sys Handle ID: 0x770 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingkernel_31bf3856ad364e35_10.0.19041.1_none_04dc677714cccaca\werkernel.sys Handle ID: 0x1404 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61\winhv.sys Handle ID: 0x13b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_10.0.19041.1_none_2c4425bdbd499f65\WdfLdr.sys Handle ID: 0x13b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmilib_31bf3856ad364e35_10.0.19041.1_none_0f4607daa38a37c5\wmilib.sys Handle ID: 0x13ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimfsf_31bf3856ad364e35_10.0.19041.1_none_6c8d18be3b8fcba9\wimfsf.sys Handle ID: 0x13a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wpprecorder_31bf3856ad364e35_10.0.19041.1_none_cb2d33f4b1bd1134\WppRecorder.sys Handle ID: 0x142c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_10.0.19041.1_none_0577ae58672b2cbc\ws2ifsl.sys Handle ID: 0x77c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dynamicvolumemanager_31bf3856ad364e35_10.0.19041.1_none_92f3cf8625865d67\volmgrx.sys Handle ID: 0x1438 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-overlayfilter_31bf3856ad364e35_10.0.19041.1_none_a9a7a2a4e2fa918f\wof.sys Handle ID: 0x1430 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-volsnap_31bf3856ad364e35_10.0.19041.1_none_151b030c40cdc642\volsnap.sys Handle ID: 0x788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_10.0.19041.1_none_2c4425bdbd499f65\Wdf01000.sys Handle ID: 0x14bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_el-gr_186028e93577e86a\comctl32.dll.mui Handle ID: 0x1534 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_el-gr_b81b0338a64039a9\fms.dll.mui Handle ID: 0x1544 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_el-gr_3bd907f1b2639322\mlang.dll.mui Handle ID: 0x1548 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_el-gr_15e130096184ec48\cdosys.dll.mui Handle ID: 0x8e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_el-gr_1cf4939a9885c794\msprivs.dll.mui Handle ID: 0x8ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_en-gb_113216313a17d7dc\comctl32.dll.mui Handle ID: 0x154c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_en-gb_b0ecf080aae0291b\fms.dll.mui Handle ID: 0x8e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_en-gb_34aaf539b7038294\mlang.dll.mui Handle ID: 0x1554 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_el-gr_a08c93590f82cc20\comdlg32.dll.mui Handle ID: 0x1558 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_en-us_18bad14f35408ba1\comctl32.dll.mui Handle ID: 0x1530 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_el-gr_fcb8552bfe554c40\msimsg.dll.mui Handle ID: 0x1560 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_en-gb_995e80a11422bb92\comdlg32.dll.mui Handle ID: 0x874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_en-us_b875ab9ea608dce0\fms.dll.mui Handle ID: 0x88c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_en-us_163bd86f614d8f7f\cdosys.dll.mui Handle ID: 0x1494 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_en-us_1d4f3c00984e6acb\msprivs.dll.mui Handle ID: 0x870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_es-es_18862e3335677d46\comctl32.dll.mui Handle ID: 0x1564 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_en-us_3c33b057b22c3659\mlang.dll.mui Handle ID: 0x86c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_en-gb_f58a427402f53bb2\msimsg.dll.mui Handle ID: 0x157c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_es-es_1d1a98e498755c70\msprivs.dll.mui Handle ID: 0x1584 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_es-es_b8410882a62fce85\fms.dll.mui Handle ID: 0x868 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_es-es_3bff0d3bb25327fe\mlang.dll.mui Handle ID: 0x1588 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_es-mx_1abd1bd933fb60f1\comctl32.dll.mui Handle ID: 0x1574 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_en-us_a0e73bbf0f4b6f57\comdlg32.dll.mui Handle ID: 0x158c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_es-es_1607355361748124\cdosys.dll.mui Handle ID: 0x1590 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_et-ee_1245f9c3396d59d5\comctl32.dll.mui Handle ID: 0x1570 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_es-mx_ba77f628a4c3b230\fms.dll.mui Handle ID: 0x15a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd12fd91fe1def77\msimsg.dll.mui Handle ID: 0x156c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_es-mx_3e35fae1b0e70ba9\mlang.dll.mui Handle ID: 0x15a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_es-es_a0b298a30f7260fc\comdlg32.dll.mui Handle ID: 0x15b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_et-ee_b200d412aa35ab14\fms.dll.mui Handle ID: 0x15b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_b7a132e02a816f70\comctl32.dll.mui Handle ID: 0x15a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_et-ee_35bed8cbb659048d\mlang.dll.mui Handle ID: 0x15c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_es-mx_a2e986490e0644a7\comdlg32.dll.mui Handle ID: 0x15c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_es-es_fcde5a75fe44e11c\msimsg.dll.mui Handle ID: 0x15c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_b5223a00568e734e\cdosys.dll.mui Handle ID: 0x15cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_575c0d2f9b49c0af\fms.dll.mui Handle ID: 0x15bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_bc359d918d8f4e9a\msprivs.dll.mui Handle ID: 0x15d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_b3b3ee7c2d11f9ce\comctl32.dll.mui Handle ID: 0x159c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_et-ee_9a72643313783d8b\comdlg32.dll.mui Handle ID: 0x15e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_db1a11e8a76d1a28\mlang.dll.mui Handle ID: 0x15d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_536ec8cb9dda4b0d\fms.dll.mui Handle ID: 0x15ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_et-ee_f69e2606024abdab\msimsg.dll.mui Handle ID: 0x15f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_d72ccd84a9fda486\mlang.dll.mui Handle ID: 0x15f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bb3da432283993a8\comctl32.dll.mui Handle ID: 0x1490 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_3fcd9d50048c5326\comdlg32.dll.mui Handle ID: 0x1600 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bfd20ee38b4772d2\msprivs.dll.mui Handle ID: 0x1604 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_es-mx_ff15481bfcd8c4c7\msimsg.dll.mui Handle ID: 0x1608 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5af87e819901e4e7\fms.dll.mui Handle ID: 0x148c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_deb6833aa5253e60\mlang.dll.mui Handle ID: 0x1610 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b8beab5254469786\cdosys.dll.mui Handle ID: 0x1614 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_he-il_ff5d4bd40ea89496\comctl32.dll.mui Handle ID: 0x160c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_9bf95f22f35ed346\msimsg.dll.mui Handle ID: 0x15fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_he-il_9f1826237f70e5d5\fms.dll.mui Handle ID: 0x1488 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_3be058ec071cdd84\comdlg32.dll.mui Handle ID: 0x900 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_he-il_22d62adc8b943f4e\mlang.dll.mui Handle ID: 0x890 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_0179feb40d5c015c\comctl32.dll.mui Handle ID: 0x8f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_he-il_fcde52f43ab59874\cdosys.dll.mui Handle ID: 0x908 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_02ae247a0c9962c4\comctl32.dll.mui Handle ID: 0x914 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_a134d9037e24529b\fms.dll.mui Handle ID: 0x860 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_436a0ea20244775e\comdlg32.dll.mui Handle ID: 0x1598 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_24f2ddbc8a47ac14\mlang.dll.mui Handle ID: 0x90c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_he-il_8789b643e8b3784c\comdlg32.dll.mui Handle ID: 0xbe0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_980c1abef5ef5da4\msimsg.dll.mui Handle ID: 0xbdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_he-il_e3b57816d785f86c\msimsg.dll.mui Handle ID: 0xbd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_07428f2b6fa741ee\msprivs.dll.mui Handle ID: 0xbe4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_it-it_a5659a78ff6b7926\comctl32.dll.mui Handle ID: 0x89c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_a268fec97d61b403\fms.dll.mui Handle ID: 0x1624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_002f2b9a38a666a2\cdosys.dll.mui Handle ID: 0xbe8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_2627038289850d7c\mlang.dll.mui Handle ID: 0x85c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9f95d074f116f77e\msimsg.dll.mui Handle ID: 0x1634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_it-it_a9fa052a62795850\msprivs.dll.mui Handle ID: 0x1638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_89a66923e766e512\comdlg32.dll.mui Handle ID: 0x163c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_it-it_452074c87033ca65\fms.dll.mui Handle ID: 0xbec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_478b1985f2868b01\comctl32.dll.mui Handle ID: 0x1630 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_it-it_c8de79817c5723de\mlang.dll.mui Handle ID: 0x1640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e745f3d5634edc40\fms.dll.mui Handle ID: 0xbf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_450c20a61e938edf\cdosys.dll.mui Handle ID: 0x1644 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4c1f843755946a2b\msprivs.dll.mui Handle ID: 0x164c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_it-it_a2e6a1992b787d04\cdosys.dll.mui Handle ID: 0xbf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6b03f88e6f7235b9\mlang.dll.mui Handle ID: 0x1654 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_8ada8ee9e6a4467a\comdlg32.dll.mui Handle ID: 0x1658 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_eaf4f63ae4f75217\comctl32.dll.mui Handle ID: 0x1650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_e5d22af6d6396532\msimsg.dll.mui Handle ID: 0x1660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_ef8960ec48053141\msprivs.dll.mui Handle ID: 0x162c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_8aafd08a55bfa356\fms.dll.mui Handle ID: 0x1468 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_8ec0223bd71f1db4\comctl32.dll.mui Handle ID: 0x1104 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_0e6dd54361e2fccf\mlang.dll.mui Handle ID: 0x167c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_cfb783f5cc916eb7\comdlg32.dll.mui Handle ID: 0x1680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_e875fd5b110455f5\cdosys.dll.mui Handle ID: 0x1684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_8f8d90bfd69d5ea4\comctl32.dll.mui Handle ID: 0x1670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_e70650bcd576c69a\msimsg.dll.mui Handle ID: 0x1694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_it-it_2d9204e8d9765cdc\comdlg32.dll.mui Handle ID: 0x1698 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2be345c8bb63eed7\msimsg.dll.mui Handle ID: 0x169c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_2e7afc8b47e76ef3\fms.dll.mui Handle ID: 0x16a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_b2390144540ac86c\mlang.dll.mui Handle ID: 0x1690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_732160aabf0235cd\comdlg32.dll.mui Handle ID: 0x1674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_2f486b0f4765afe3\fms.dll.mui Handle ID: 0x16b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver_31bf3856ad364e35_10.0.19041.1_none_8de99335568c2092\tcpip.sys Handle ID: 0x16b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_cf4d227dadd4b5ed\msimsg.dll.mui Handle ID: 0x16b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_b3066fc85389095c\mlang.dll.mui Handle ID: 0x16ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_nb-no_d387776fbd1c7dd3\comctl32.dll.mui Handle ID: 0x16a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_it-it_89bdc6bbc848dcfc\msimsg.dll.mui Handle ID: 0x16c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpmigration_31bf3856ad364e35_10.0.19041.1_none_1ee1bf0adb4eaf7d\pnpmig.inf Handle ID: 0x16c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_16ec8cabb12a016a\comdlg32.dll.mui Handle ID: 0x16cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_nb-no_734251bf2de4cf12\fms.dll.mui Handle ID: 0x16d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\bench_16.bin Handle ID: 0x16c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_nb-no_d81be221202a5cfd\msprivs.dll.mui Handle ID: 0x16a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_nb-no_f70056783a08288b\mlang.dll.mui Handle ID: 0x16e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\bench_24.bin Handle ID: 0x16d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_nb-no_d1087e8fe92981b1\cdosys.dll.mui Handle ID: 0x16e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\bench_32.bin Handle ID: 0x16e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_17b9fb2fb0a8425a\comdlg32.dll.mui Handle ID: 0x16dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\house_16.bin Handle ID: 0x16f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_73184e7e9ffc818a\msimsg.dll.mui Handle ID: 0x16f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\house_24.bin Handle ID: 0x16fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\house_32.bin Handle ID: 0x1700 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\office_16.bin Handle ID: 0x1704 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\bench_48.bin Handle ID: 0x170c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.19041.1_none_1776a3602eb73133\netiomig.dll Handle ID: 0x16f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\office_24.bin Handle ID: 0x1710 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\office_32.bin Handle ID: 0x1714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\house_48.bin Handle ID: 0x1668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\office_48.bin Handle ID: 0x171c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_73e5bd029f7ac27a\msimsg.dll.mui Handle ID: 0x1720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mup_31bf3856ad364e35_10.0.19041.1_none_62e356b1f7e14f33\MupMigPlugin.dll Handle ID: 0x93c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_d1c6c2adbe4887a8\comctl32.dll.mui Handle ID: 0x1718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_d65b2d5f215666d2\msprivs.dll.mui Handle ID: 0x924 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_nb-no_5bb3e1df97276189\comdlg32.dll.mui Handle ID: 0x940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_18031d2fa36af55c\comctl32.dll.mui Handle ID: 0x904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_71819cfd2f10d8e7\fms.dll.mui Handle ID: 0x172c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_f53fa1b63b343260\mlang.dll.mui Handle ID: 0x938 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs_31bf3856ad364e35_10.0.19041.1_none_643da99ff70141b5\SxsMigPlugin.dll Handle ID: 0x1664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_1c9787e10678d486\msprivs.dll.mui Handle ID: 0x1708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_pt-br_1a5707d3a1f48940\comctl32.dll.mui Handle ID: 0x166c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_cf47c9cdea558b86\cdosys.dll.mui Handle ID: 0x930 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_3b7bfc382056a014\mlang.dll.mui Handle ID: 0x928 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_b7bdf77f1433469b\fms.dll.mui Handle ID: 0x92c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_1584244fcf77f93a\cdosys.dll.mui Handle ID: 0x798 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_10.0.19041.1_none_27770adb9e444fec\CntrtextMig.dll Handle ID: 0x7e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_nb-no_b7dfa3b285f9e1a9\msimsg.dll.mui Handle ID: 0x778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_pt-br_1eeb72850502686a\msprivs.dll.mui Handle ID: 0x634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_pt-br_ba11e22312bcda7f\fms.dll.mui Handle ID: 0x8a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_1b38d73fa163f91c\comctl32.dll.mui Handle ID: 0x944 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_pt-br_3dcfe6dc1ee033f8\mlang.dll.mui Handle ID: 0xbf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_pt-br_17d80ef3ce018d1e\cdosys.dll.mui Handle ID: 0x1648 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\cis.scp Handle ID: 0x1724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_59f32d1d98536b5e\comdlg32.dll.mui Handle ID: 0x954 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_1fcd41f10471d846\msprivs.dll.mui Handle ID: 0x918 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_baf3b18f122c4a5b\fms.dll.mui Handle ID: 0x950 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\pppmenu.scp Handle ID: 0xc04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_a02f879f7d75d912\comdlg32.dll.mui Handle ID: 0x94c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_3eb1b6481e4fa3d4\mlang.dll.mui Handle ID: 0x91c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\switch.inf Handle ID: 0x6b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_5f739d7787cac478\comctl32.dll.mui Handle ID: 0xbfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\pad.inf Handle ID: 0x1688 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_18b9de5fcd70fcfa\cdosys.dll.mui Handle ID: 0x1730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_61dbe90386458748\comctl32.dll.mui Handle ID: 0x1734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_b61eeef08725eb7e\msimsg.dll.mui Handle ID: 0xc14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_ff2e77c6f89315b7\fms.dll.mui Handle ID: 0x1740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_fc5b49726c485932\msimsg.dll.mui Handle ID: 0x1744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_pt-br_a28372437bff6cf6\comdlg32.dll.mui Handle ID: 0x650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_82ec7c8004b66f30\mlang.dll.mui Handle ID: 0x1748 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_667053b4e9536672\msprivs.dll.mui Handle ID: 0x174c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_0196c352f70dd887\fms.dll.mui Handle ID: 0x1750 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_00f6edb07b5f7972\comctl32.dll.mui Handle ID: 0xc10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_8554c80c03313200\mlang.dll.mui Handle ID: 0x1758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_a36541af7b6edcd2\comdlg32.dll.mui Handle ID: 0x175c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_5f5cf023b2528b26\cdosys.dll.mui Handle ID: 0x1754 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_pt-br_feaf34166ad1ed16\msimsg.dll.mui Handle ID: 0x1760 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_a0b1c7ffec27cab1\fms.dll.mui Handle ID: 0x1768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sl-si_00090f687bf98c55\comctl32.dll.mui Handle ID: 0x173c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_246fccb8f84b242a\mlang.dll.mui Handle ID: 0x708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_ff9103826a415cf2\msimsg.dll.mui Handle ID: 0x176c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smi-engine_31bf3856ad364e35_10.0.19041.1_none_4e063d17b240687b\WcmTypes.xsd Handle ID: 0x1738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasapi_31bf3856ad364e35_10.0.19041.1_none_23288cedeee2b8f7\pbkmigr.dll Handle ID: 0x1774 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_e7a007e761d5a82e\comdlg32.dll.mui Handle ID: 0x1620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_sl-si_9fc3e9b7ecc1dd94\fms.dll.mui Handle ID: 0x15e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_10.0.19041.1_none_e78aa3d4e79f21f4\tssysprep.dll Handle ID: 0x1780 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_ea08537360506afe\comdlg32.dll.mui Handle ID: 0x640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_sl-si_2381ee70f8e5370d\mlang.dll.mui Handle ID: 0x1764 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_43cbc9ba50a8284e\msimsg.dll.mui Handle ID: 0x8fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_463415464f22eb1e\msimsg.dll.mui Handle ID: 0x6a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_89235820556a5d28\comdlg32.dll.mui Handle ID: 0x1778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_sl-si_883579d85604700b\comdlg32.dll.mui Handle ID: 0x179c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpmigration_31bf3856ad364e35_10.0.19041.1_none_1ee1bf0adb4eaf7d\pnpmig.dll Handle ID: 0x17a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_e54f19f3443cdd48\msimsg.dll.mui Handle ID: 0x17a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_a63977acf10b3386\comctl32.dll.mui Handle ID: 0x1798 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_sl-si_e4613bab44d6f02b\msimsg.dll.mui Handle ID: 0x17b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sv-se_fdd6d3787d6e91a3\comctl32.dll.mui Handle ID: 0x17b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_sv-se_026b3e29e07c70cd\msprivs.dll.mui Handle ID: 0x17c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_45f451fc61d384c5\fms.dll.mui Handle ID: 0x17c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_th-th_a2e0f52b6eb34ee4\comctl32.dll.mui Handle ID: 0x1794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_c9b256b56df6de3e\mlang.dll.mui Handle ID: 0x17d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_sv-se_9d91adc7ee36e2e2\fms.dll.mui Handle ID: 0x17d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_sv-se_214fb280fa5a3c5b\mlang.dll.mui Handle ID: 0x17e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_a6e41dbf6c2a9394\comctl32.dll.mui Handle ID: 0x17d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_th-th_429bcf7adf7ba023\fms.dll.mui Handle ID: 0x17bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_sv-se_fb57da98a97b9581\cdosys.dll.mui Handle ID: 0x6c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_ab788870cf3872be\msprivs.dll.mui Handle ID: 0xc1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_th-th_c659d433eb9ef99c\mlang.dll.mui Handle ID: 0x6b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_42c40066635bb9e0\comctl32.dll.mui Handle ID: 0xc20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_469ef80edcf2e4d3\fms.dll.mui Handle ID: 0x1790 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_ca5cfcc7e9163e4c\mlang.dll.mui Handle ID: 0x6c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_e27edab5d4240b1f\fms.dll.mui Handle ID: 0xc24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_a46524df98379772\cdosys.dll.mui Handle ID: 0x17e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_2e65e21ccb16173c\comdlg32.dll.mui Handle ID: 0x6c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_663cdf6ee0476498\mlang.dll.mui Handle ID: 0x17e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_sv-se_86033de857797559\comdlg32.dll.mui Handle ID: 0x17ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc-tracing_31bf3856ad364e35_10.0.19041.1_none_91e7777d1ebf6053\firewallapi.mof Handle ID: 0xc28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\ipsecsvc.mof Handle ID: 0x1788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-classpnp_31bf3856ad364e35_10.0.19041.1_none_cb743c1f4b6f5bbd\classlog.mof Handle ID: 0x6ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..opinstallcomponents_31bf3856ad364e35_10.0.19041.1_none_a8bea44d075fad04\drvinst.mof Handle ID: 0x7ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_th-th_2b0d5f9b48be329a\comdlg32.dll.mui Handle ID: 0x178c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_8a91a3efb9e8975c\msimsg.dll.mui Handle ID: 0x6a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_th-th_8739216e3790b2ba\msimsg.dll.mui Handle ID: 0x1784 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_sv-se_e22effbb464bf579\msimsg.dll.mui Handle ID: 0x1594 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_2f10882f4635774a\comdlg32.dll.mui Handle ID: 0x780 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-mof_31bf3856ad364e35_10.0.19041.1_none_b0c0473940a4df7c\lsasrv.mof Handle ID: 0x87c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.19041.1_none_a8893249a6634a0f\mountmgr.mof Handle ID: 0x7c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc-tracing_31bf3856ad364e35_10.0.19041.1_none_91e7777d1ebf6053\mpsdrv.mof Handle ID: 0x7cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc-tracing_31bf3856ad364e35_10.0.19041.1_none_91e7777d1ebf6053\mpssvc.mof Handle ID: 0xaf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces_31bf3856ad364e35_10.0.19041.1_none_1c2a0fb54ce86e17\mispace_uninstall.mof Handle ID: 0x1824 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\ncprov.mof Handle ID: 0x1820 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_10.0.19041.1_none_0f468bb8c7699238\ndistrace.mof Handle ID: 0x181c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\polstore.mof Handle ID: 0x1818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-netlogon-mof_31bf3856ad364e35_10.0.19041.1_none_14d75236e15b3e8b\nlsvc.mof Handle ID: 0x1814 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_d1bc032a24676029\newdev.mof Handle ID: 0x1810 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\newdev.mof Handle ID: 0x180c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs-mof_31bf3856ad364e35_10.0.19041.1_none_a34ab671cd1c0418\refs.mof Handle ID: 0x1804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs-v1-mof_31bf3856ad364e35_10.0.19041.1_none_f03beea17c348eb6\refsv1.mof Handle ID: 0x17fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_caf06ad63d669d96\comdlg32.dll.mui Handle ID: 0x6cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_8b3c4a023507f76a\msimsg.dll.mui Handle ID: 0x17f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\interop.mof Handle ID: 0x17f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.h...sdhost-driverclass_31bf3856ad364e35_10.0.19041.1_none_78e285fc678d0c6a\sdbus.mof Handle ID: 0x17f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof-admin_31bf3856ad364e35_10.0.19041.1_none_7d3d8e8467b75d73\scrcons.mof Handle ID: 0x182c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_10.0.19041.1_none_8550cdeb6ca68785\services.mof Handle ID: 0x1828 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_f53b118699fc22cb\setupapi.mof Handle ID: 0x1864 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_eae66734659b60d0\setupapi.mof Handle ID: 0x1860 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof-admin_31bf3856ad364e35_10.0.19041.1_none_7d3d8e8467b75d73\subscrpt.mof Handle ID: 0x1868 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-rassstp_31bf3856ad364e35_10.0.19041.1_none_4fc2bd76874a036f\sstpsvc.mof Handle ID: 0x186c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof-admin_31bf3856ad364e35_10.0.19041.1_none_7d3d8e8467b75d73\smtpcons.mof Handle ID: 0x1870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_271c2ca92c391db6\msimsg.dll.mui Handle ID: 0x1874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wdf-kernellibrary-mof_31bf3856ad364e35_10.0.19041.1_none_384e8526bab471fe\Wdf01000Uninstall.mof Handle ID: 0x1878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..opinstallcomponents_31bf3856ad364e35_10.0.19041.1_none_a8bea44d075fad04\umpnpmgr.mof Handle ID: 0x187c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc-tracing_31bf3856ad364e35_10.0.19041.1_none_91e7777d1ebf6053\WFAPIGP.mof Handle ID: 0x1884 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-mof_31bf3856ad364e35_10.0.19041.1_none_6c409dd882170ccf\WFP.MOF Handle ID: 0x1880 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_10.0.19041.1_none_8550cdeb6ca68785\scm.mof Handle ID: 0x1888 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wdf-kernellibrary-mof_31bf3856ad364e35_10.0.19041.1_none_384e8526bab471fe\Wdf01000.mof Handle ID: 0x188c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\winipsec.mof Handle ID: 0x1890 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\WMI_Tracing.mof Handle ID: 0x1894 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-classpnp_31bf3856ad364e35_10.0.19041.1_none_cb743c1f4b6f5bbd\stortrace.mof Handle ID: 0x1898 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-apis_31bf3856ad364e35_10.0.19041.1_none_8618dfed22edf4fa\smbwmiv2.mof Handle ID: 0x189c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\wmi.mof Handle ID: 0x18a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof-admin_31bf3856ad364e35_10.0.19041.1_none_7d3d8e8467b75d73\WBEMCons.mof Handle ID: 0x1858 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ry-services-sam-mof_31bf3856ad364e35_10.0.19041.1_none_771f52b46f435b04\samsrv.mof Handle ID: 0xc7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\wmipcima.mof Handle ID: 0xc78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\secrcw32.mof Handle ID: 0xc74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbClientNetworkInterface.cdxml Handle ID: 0xc70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbBandwidthLimit.cdxml Handle ID: 0x1850 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbConnection.cdxml Handle ID: 0x18a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbMultichannelConnection.cdxml Handle ID: 0x185c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbClientConfiguration.cdxml Handle ID: 0x184c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbGlobalMapping.cdxml Handle ID: 0xc64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbServerNetworkInterface.cdxml Handle ID: 0xc68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbMapping.cdxml Handle ID: 0xc6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\system.mof Handle ID: 0xca0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbScriptModule.psm1 Handle ID: 0xc58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbMultichannelConstraint.cdxml Handle ID: 0xc5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbOpenFile.cdxml Handle ID: 0xc60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\Smb.types.ps1xml Handle ID: 0x1848 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbShare.Format.Helper.psm1 Handle ID: 0x1844 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbServerCertificateMapping.cdxml Handle ID: 0x1840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbSession.cdxml Handle ID: 0x183c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbShare.psd1 Handle ID: 0x1838 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_78413bbd1c6265b3\comctl32.dll.mui Handle ID: 0x1830 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbServerConfiguration.cdxml Handle ID: 0x161c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_7cd5a66e7f7044dd\msprivs.dll.mui Handle ID: 0xca8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_17fc160c8d2ab6f2\fms.dll.mui Handle ID: 0xcac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_7c3d791319d34223\comctl32.dll.mui Handle ID: 0xcb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\Smb.format.ps1xml Handle ID: 0xc98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_9bba1ac5994e106b\mlang.dll.mui Handle ID: 0xca4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_80d1e3c47ce1214d\msprivs.dll.mui Handle ID: 0xcd0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_1bf853628a9b9362\fms.dll.mui Handle ID: 0xcb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_75c242dd486f6991\cdosys.dll.mui Handle ID: 0xccc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_9fb6581b96beecdb\mlang.dll.mui Handle ID: 0xcc8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_5c9967ffe53fc989\msimsg.dll.mui Handle ID: 0xcc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbShare.cdxml Handle ID: 0xc38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_79be803345e04601\cdosys.dll.mui Handle ID: 0xd00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_6095a555e2b0a5f9\msimsg.dll.mui Handle ID: 0xcfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_006da62cf66d4969\comdlg32.dll.mui Handle ID: 0xcf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_0469e382f3de25d9\comdlg32.dll.mui Handle ID: 0xcf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..on-authui-component_31bf3856ad364e35_10.0.19041.1_none_92c85869af354084\authui.dll.mun Handle ID: 0xcf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1_none_250b9aff0f5d41ee\notepad.exe.mun Handle ID: 0xcb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml30_31bf3856ad364e35_10.0.19041.1_none_3e5f4e1e3633a8b7\msxml3.dll.mun Handle ID: 0xcbc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32_31bf3856ad364e35_10.0.19041.1_none_6ba21f2545051a20\comdlg32.dll.mun Handle ID: 0xcd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_10.0.19041.1_none_2bb4bd9d8e22a014\msctf.dll.mun Handle ID: 0xcdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptui-dll_31bf3856ad364e35_10.0.19041.1_none_3bdf68e23780d992\cryptui.dll.mun Handle ID: 0xce0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-raschap_31bf3856ad364e35_10.0.19041.1_none_c8b0108916a9fd61\raschapext.dll.mun Handle ID: 0x758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntshrui_31bf3856ad364e35_10.0.19041.1_none_1200bbf49bbc4b88\ntshrui.dll.mun Handle ID: 0x754 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aclui_31bf3856ad364e35_10.0.19041.1_none_0afb6ba153044137\aclui.dll.mun Handle ID: 0xc44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\newdev.dll.mun Handle ID: 0xc4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_10.0.19041.1_none_1160cf5f7d314d55\crypt32.dll.mun Handle ID: 0xc50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-rastls_31bf3856ad364e35_10.0.19041.1_none_e42068617a44f942\rastls.dll.mun Handle ID: 0xc54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rastls_31bf3856ad364e35_10.0.19041.1_none_22563971ef8166c8\rastlsext.dll.mun Handle ID: 0x1854 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasdlg_31bf3856ad364e35_10.0.19041.1_none_23044991eefe742c\rasdlg.dll.mun Handle ID: 0x1100 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_10.0.19041.1_none_92265dee13580837\printui.dll.mun Handle ID: 0x16d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-browserservice-netapi_31bf3856ad364e35_10.0.19041.1_none_edd31baf6b791931\browcli.dll Handle ID: 0x934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..ov2fahelper-library_31bf3856ad364e35_10.0.19041.1_none_710cd97a292dd978\CredProv2faHelper.dll Handle ID: 0x6bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-onecore-console-host-propsheet_31bf3856ad364e35_10.0.19041.1_none_de1e1a00f16d8e79\console.dll Handle ID: 0x10f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.1_none_248d91ddf4389abd\CredentialUIBroker.exe Handle ID: 0x6e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-propsys_31bf3856ad364e35_7.0.19041.1_none_64de91323c1f66b7\propsys.dll.mun Handle ID: 0xc3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-credui-onecore_31bf3856ad364e35_10.0.19041.1_none_3b9b94b6f7844814\credui.dll Handle ID: 0x764 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..iderslegacy-library_31bf3856ad364e35_10.0.19041.1_none_1cb2dbdbf9cc4538\credprovslegacy.dll Handle ID: 0xc40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-consolelogon-library_31bf3856ad364e35_10.0.19041.1_none_459a6a2efab5d5d0\ConsoleLogon.dll Handle ID: 0xc30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_10.0.19041.1_none_d277313aeac89552\bcryptprimitives.dll Handle ID: 0x760 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-debugcore_31bf3856ad364e35_10.0.19041.1_none_bcb626ea1f2a0c98\dbgcore.dll Handle ID: 0xd04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-com-coml2_31bf3856ad364e35_10.0.19041.1_none_de030bd651b5f111\coml2.dll Handle ID: 0xd08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..alproviders-library_31bf3856ad364e35_10.0.19041.1_none_4c60b7f12fdc2a03\credprovs.dll Handle ID: 0xd0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-u..etry-client-wowonly_31bf3856ad364e35_10.0.19041.1_none_4c7da197e5837576\diagnosticdataquery.dll Handle ID: 0xd10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-credprovhost-library_31bf3856ad364e35_10.0.19041.1_none_73c3548001df54b1\credprovhost.dll Handle ID: 0x6fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.19041.1_none_5668834b68c7e852\driverquery.exe Handle ID: 0x964 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces_31bf3856ad364e35_10.0.19041.1_none_1c2a0fb54ce86e17\mispace.mof Handle ID: 0x734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-vss-eventcls_31bf3856ad364e35_10.0.19041.1_none_a2a5ab50d2eb8f21\eventcls.dll Handle ID: 0x960 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..authfactor-credprov_31bf3856ad364e35_10.0.19041.1_none_a8737db62256d73e\devicengccredprov.dll Handle ID: 0x710 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-onecore-pnp-drvsetup_31bf3856ad364e35_10.0.19041.1_none_1e236d5e3754f154\drvsetup.dll Handle ID: 0xce4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-u..etry-client-wowonly_31bf3856ad364e35_10.0.19041.1_none_4c7da197e5837576\dtdump.exe Handle ID: 0x958 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..ovdatamodel-library_31bf3856ad364e35_10.0.19041.1_none_6e9243852acd4e3a\CredProvDataModel.dll Handle ID: 0xcec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.19041.1_none_18b834522b9eb97e\expand.exe Handle ID: 0xcd4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..ertificates-utility_31bf3856ad364e35_10.0.19041.1_none_49436407fe6823f4\fvecerts.dll Handle ID: 0x808 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.19041.1_none_2cda3b956fcdb26f\InfDefaultInstall.exe Handle ID: 0xc48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_10.0.19041.1_none_e2a1e85b858f5f9e\comres.dll.mun Handle ID: 0x704 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-coreos_31bf3856ad364e35_10.0.19041.1_none_e597fe1d120f8fad\imagehlp.dll Handle ID: 0x1808 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..-credential-manager_31bf3856ad364e35_10.0.19041.1_none_11dc7b5a5b16397b\KeyCredMgr.dll Handle ID: 0xc2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-difxapi_31bf3856ad364e35_10.0.19041.1_none_62160f8e7d3231a2\difxapi.dll Handle ID: 0x6d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\KerbClientShared.dll Handle ID: 0x9a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_d1bc032a24676029\ndadmin.exe Handle ID: 0x984 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.19041.1_none_805f7a2ac157fb08\MuiUnattend.exe Handle ID: 0x744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1_none_0067ac1cb4a6c8bc\DbgModel.dll Handle ID: 0x9a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_e01afed6f525cf3c\NetDriverInstall.dll Handle ID: 0x994 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-securestartup-core_31bf3856ad364e35_10.0.19041.1_none_f5205dbec5dd4148\fveapibase.dll Handle ID: 0x6ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\netshell.dll.mun Handle ID: 0x988 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_d1bc032a24676029\newdev.exe Handle ID: 0x6e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_b632b88aa1af2da8\normaliz.dll Handle ID: 0x6f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_e01afed6f525cf3c\NetSetupApi.dll Handle ID: 0x99c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_32a7dab59b322918\nsi.dll Handle ID: 0x990 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-security-ngc-local_31bf3856ad364e35_10.0.19041.1_none_c95bfc009f0aefab\ngclocal.dll Handle ID: 0x9b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\NtlmShared.dll Handle ID: 0x6e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-ntlanman_31bf3856ad364e35_10.0.19041.1_none_f056cd9ab65e68c5\ntlanman.dll Handle ID: 0x740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_d1bc032a24676029\newdev.dll Handle ID: 0x974 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.19041.1_none_1b575ad951209106\rdrleakdiag.exe Handle ID: 0x9ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-msvcp110_31bf3856ad364e35_10.0.19041.1_none_adfc02db44d455d9\msvcp110_win.dll Handle ID: 0x73c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-flighting-settings_31bf3856ad364e35_10.0.19041.1_none_491c0bd0c2d56716\FlightSettings.dll Handle ID: 0x97c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-onecorecommonproxystub_31bf3856ad364e35_10.0.19041.1_none_f6e8b9ece5bea2ec\OneCoreCommonProxyStub.dll Handle ID: 0x7f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-securestartup-core_31bf3856ad364e35_10.0.19041.1_none_f5205dbec5dd4148\fveapi.dll Handle ID: 0x6f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-spfileq_31bf3856ad364e35_10.0.19041.1_none_352c8e03937c933e\spfileq.dll Handle ID: 0x65c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-syssetup_31bf3856ad364e35_10.0.19041.1_none_311643a36b7513d0\syssetup.dll Handle ID: 0x98c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-spinf_31bf3856ad364e35_10.0.19041.1_none_1de64e934c2b7290\spinf.dll Handle ID: 0x700 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-ole-automation-stdole2_31bf3856ad364e35_10.0.19041.1_none_a91c7b19ecb3924a\stdole2.tlb Handle ID: 0xcc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_46aa361bda445aec\PkgMgr.exe Handle ID: 0x9bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_46aa361bda445aec\SSShim.dll Handle ID: 0xd14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-drvstore_31bf3856ad364e35_10.0.19041.1_none_b13a0d01174375ff\drvstore.dll Handle ID: 0x968 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..stedsignal-credprov_31bf3856ad364e35_10.0.19041.1_none_8ea8ef13ae7bad36\TrustedSignalCredProv.dll Handle ID: 0x96c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_e01afed6f525cf3c\NetSetupEngine.dll Handle ID: 0x970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-vssapi-core_31bf3856ad364e35_10.0.19041.1_none_9a7f72edef871c0c\vsstrace.dll Handle ID: 0x738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1_none_6331d348ae4a8fa9\poqexec.exe Handle ID: 0x68c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_793931906e451236\win32u.dll Handle ID: 0x9b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-pantherengine_31bf3856ad364e35_10.0.19041.1_none_07e3e1908cd6cd19\wdscore.dll Handle ID: 0x978 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wincredui_31bf3856ad364e35_10.0.19041.1_none_b13a6c7dcf66aa4e\wincredui.dll Handle ID: 0x6b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-i..-ui-logon-proxystub_31bf3856ad364e35_10.0.19041.1_none_bc6f912096457b37\Windows.Internal.UI.Logon.ProxyStub.dll Handle ID: 0x63c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_32a7dab59b322918\winnsi.dll Handle ID: 0x720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft.windows.winhttpcom_31bf3856ad364e35_5.1.19041.1_none_2fd8a12a70432370\winhttpcom.dll Handle ID: 0x728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-f..tilityrefsv1library_31bf3856ad364e35_10.0.19041.1_none_d0572456ebc7fb51\uReFSv1.dll Handle ID: 0x724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wmistub_31bf3856ad364e35_10.0.19041.1_none_5e07ff80874528f9\wmi.dll Handle ID: 0x998 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-debughelp_31bf3856ad364e35_10.0.19041.1_none_b8924fec21c9ce8e\dbghelp.dll Handle ID: 0x6a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_793931906e451236\win32k.sys Handle ID: 0x980 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wmi-wmiclnt_31bf3856ad364e35_10.0.19041.1_none_b63b6ccb63bab4e2\wmiclnt.dll Handle ID: 0x688 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_f53b118699fc22cb\wowreg32.exe Handle ID: 0x678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-creddialogcontroller_31bf3856ad364e35_10.0.19041.1_none_ed4a816537073bc2\Windows.UI.CredDialogController.dll Handle ID: 0x67c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wofutil_31bf3856ad364e35_10.0.19041.1_none_4b6cb649e015a028\WofUtil.dll Handle ID: 0x664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\DismHost.exe Handle ID: 0x624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\DismCorePS.dll Handle ID: 0x66c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wintrust-dll_31bf3856ad364e35_10.0.19041.1_none_aff3f19b6dcf2d79\wintrust.dll Handle ID: 0x718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\FolderProvider.dll Handle ID: 0x670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\GenericProvider.dll Handle ID: 0x674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\DismProv.dll Handle ID: 0xd64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\DismCore.dll Handle ID: 0xd68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\cimwin32.mof Handle ID: 0xc34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\LogProvider.dll Handle ID: 0xd6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\DmiProvider.dll Handle ID: 0x9c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\ImagingProvider.dll Handle ID: 0x6dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\OfflineSetupProvider.dll Handle ID: 0xd70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\OSProvider.dll Handle ID: 0x660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\IntlProvider.dll Handle ID: 0xd74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\FfuProvider.dll Handle ID: 0xc90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.1_none_227525fe6bafbbda\windowsperformancerecordercontrol.dll Handle ID: 0xc94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\CbsProvider.dll Handle ID: 0x95c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-base-util-l1-1-0.dll Handle ID: 0xd78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..-winproviders-winpe_31bf3856ad364e35_10.0.19041.1_none_788223d9b154b28e\PEProvider.dll Handle ID: 0x730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-comm-l1-1-0.dll Handle ID: 0xce8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-console-l1-1-0.dll Handle ID: 0x9ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_31cc1bbc78e3f478\api-ms-win-core-com-l1-1-0.dll Handle ID: 0xd80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-datetime-l1-1-0.dll Handle ID: 0x694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-datetime-l1-1-1.dll Handle ID: 0xd88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-debug-l1-1-0.dll Handle ID: 0x9e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-debug-l1-1-1.dll Handle ID: 0x9f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-delayload-l1-1-0.dll Handle ID: 0xd84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-errorhandling-l1-1-0.dll Handle ID: 0x9e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-errorhandling-l1-1-1.dll Handle ID: 0xd1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\SmiProvider.dll Handle ID: 0xd50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-fibers-l1-1-0.dll Handle ID: 0x9e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-fibers-l1-1-1.dll Handle ID: 0xda8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\UnattendProvider.dll Handle ID: 0xd4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-file-l1-2-0.dll Handle ID: 0xd58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-file-l1-2-1.dll Handle ID: 0x9dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-file-l1-1-0.dll Handle ID: 0x6f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-file-l2-1-0.dll Handle ID: 0xd8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-file-l2-1-1.dll Handle ID: 0x9a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-handle-l1-1-0.dll Handle ID: 0xd9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-heap-l1-1-0.dll Handle ID: 0xda0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll Handle ID: 0xda4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-interlocked-l1-1-0.dll Handle ID: 0x9c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-io-l1-1-0.dll Handle ID: 0xdc8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-io-l1-1-1.dll Handle ID: 0xc88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-kernel32-legacy-l1-1-0.dll Handle ID: 0x714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-kernel32-legacy-l1-1-1.dll Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll Handle ID: 0xc8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll Handle ID: 0x9d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-libraryloader-l1-1-0.dll Handle ID: 0x9d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-libraryloader-l1-1-1.dll Handle ID: 0x9f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-localization-l1-2-1.dll Handle ID: 0xd94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-localization-l1-2-0.dll Handle ID: 0xd98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\API-MS-Win-core-localization-obsolete-l1-2-0.dll Handle ID: 0xd54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-memory-l1-1-0.dll Handle ID: 0xd7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-vssapi-core_31bf3856ad364e35_10.0.19041.1_none_9a7f72edef871c0c\vssapi.dll Handle ID: 0xdc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-memory-l1-1-1.dll Handle ID: 0xdc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-memory-l1-1-2.dll Handle ID: 0xdb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-namedpipe-l1-1-0.dll Handle ID: 0xdb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-privateprofile-l1-1-0.dll Handle ID: 0xa04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-privateprofile-l1-1-1.dll Handle ID: 0xd90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processenvironment-l1-1-0.dll Handle ID: 0x9f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processenvironment-l1-2-0.dll Handle ID: 0xdac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processthreads-l1-1-1.dll Handle ID: 0xdfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processthreads-l1-1-0.dll Handle ID: 0x9fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processthreads-l1-1-2.dll Handle ID: 0xa00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-processtopology-obsolete-l1-1-0.dll Handle ID: 0xdf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-profile-l1-1-0.dll Handle ID: 0xe08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-realtime-l1-1-0.dll Handle ID: 0xa08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-registry-l1-1-0.dll Handle ID: 0xa24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-rtlsupport-l1-1-0.dll Handle ID: 0xdb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-registry-l2-1-0.dll Handle ID: 0xa28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-shutdown-l1-1-0.dll Handle ID: 0xe0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll Handle ID: 0xe10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-shlwapi-legacy-l1-1-0.dll Handle ID: 0xa10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-string-l1-1-0.dll Handle ID: 0xa1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-string-l2-1-0.dll Handle ID: 0xe28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-string-obsolete-l1-1-0.dll Handle ID: 0xe2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-stringansi-l1-1-0.dll Handle ID: 0xa18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-stringloader-l1-1-1.dll Handle ID: 0xdf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-synch-l1-1-0.dll Handle ID: 0xa14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-synch-l1-2-0.dll Handle ID: 0xe04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-sysinfo-l1-2-0.dll Handle ID: 0xde4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-sysinfo-l1-1-0.dll Handle ID: 0xd5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1_none_e748302988525910\KernelBase.dll Handle ID: 0xa3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-sysinfo-l1-2-1.dll Handle ID: 0xde0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-threadpool-l1-2-0.dll Handle ID: 0x680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-threadpool-legacy-l1-1-0.dll Handle ID: 0xe38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-threadpool-private-l1-1-0.dll Handle ID: 0xe34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-timezone-l1-1-0.dll Handle ID: 0xe30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-util-l1-1-0.dll Handle ID: 0xa30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-url-l1-1-0.dll Handle ID: 0xe24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-version-l1-1-0.dll Handle ID: 0xe3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-wow64-l1-1-0.dll Handle ID: 0xe40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-xstate-l1-1-0.dll Handle ID: 0xe68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-xstate-l2-1-0.dll Handle ID: 0xe20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-conio-l1-1-0.dll Handle ID: 0xa2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-environment-l1-1-0.dll Handle ID: 0xe00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-convert-l1-1-0.dll Handle ID: 0xd48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-filesystem-l1-1-0.dll Handle ID: 0x71c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-heap-l1-1-0.dll Handle ID: 0xd28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-locale-l1-1-0.dll Handle ID: 0x9c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-process-l1-1-0.dll Handle ID: 0xe14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-math-l1-1-0.dll Handle ID: 0xe18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-multibyte-l1-1-0.dll Handle ID: 0xd60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-runtime-l1-1-0.dll Handle ID: 0x6d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-stdio-l1-1-0.dll Handle ID: 0xe80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-string-l1-1-0.dll Handle ID: 0xa48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-time-l1-1-0.dll Handle ID: 0xa54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-utility-l1-1-0.dll Handle ID: 0xd44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-devices-config-L1-1-0.dll Handle ID: 0xe9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll Handle ID: 0xe84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-devices-config-L1-1-1.dll Handle ID: 0xa58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\api-ms-win-eventing-consumer-l1-1-0.dll Handle ID: 0xe88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\API-MS-Win-Eventing-Controller-L1-1-0.dll Handle ID: 0xa50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Eventing-Legacy-L1-1-0.dll Handle ID: 0xde8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-private-l1-1-0.dll Handle ID: 0xd3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-EventLog-Legacy-L1-1-0.dll Handle ID: 0xd38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Eventing-Provider-L1-1-0.dll Handle ID: 0xd34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Security-Lsalookup-L2-1-0.dll Handle ID: 0xd30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\api-ms-win-security-cryptoapi-l1-1-0.dll Handle ID: 0xd2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Security-Lsalookup-L2-1-1.dll Handle ID: 0xe7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-security-base-l1-1-0.dll Handle ID: 0xea0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\API-MS-Win-security-lsapolicy-l1-1-0.dll Handle ID: 0xe78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-security-provider-L1-1-0.dll Handle ID: 0xe6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\api-ms-win-security-sddl-l1-1-0.dll Handle ID: 0xa4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\VhdProvider.dll Handle ID: 0xe8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-core-l1-1-0.dll Handle ID: 0xeb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-core-l1-1-1.dll Handle ID: 0xeb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-management-l1-1-0.dll Handle ID: 0xa70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-management-l2-1-0.dll Handle ID: 0xa6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-private-l1-1-0.dll Handle ID: 0x814 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-private-l1-1-1.dll Handle ID: 0x818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-winsvc-l1-1-0.dll Handle ID: 0xef8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_9aef94c8692c24e6\api-ms-win-shcore-stream-l1-1-0.dll Handle ID: 0xea4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.19041.1_none_46fe4107ec843c76\20bbcadaff3e0543ef358ba4dd8b74bfe8e747c8.xml Handle ID: 0x18d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\WimProvider.dll Handle ID: 0x18c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\ProvProvider.dll Handle ID: 0xf44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\ucrtbase.dll Handle ID: 0xf48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_793931906e451236\win32kfull.sys Handle ID: 0xf58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_f53b118699fc22cb\setupapi.dll Handle ID: 0xf5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1_none_0067ac1cb4a6c8bc\dbgeng.dll Handle ID: 0x69c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 12544 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms Handle ID: 0x78c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms Handle ID: 0x13d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_apppatch_apppatch64_e39bab3b20714e20.cdf-ms Handle ID: 0x1430 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_bg-bg_bf6512730a586be9.cdf-ms Handle ID: 0x1410 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_0f890f82be247f42.cdf-ms Handle ID: 0x1424 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_cs-cz_c14bac6f077e8634.cdf-ms Handle ID: 0x1434 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_da-dk_c3320a1704a4f7d3.cdf-ms Handle ID: 0x8b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_de-de_c331fe2304a50a2d.cdf-ms Handle ID: 0x1438 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_el-gr_c5188d6f01cb33fb.cdf-ms Handle ID: 0x143c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_en-gb_c5186ec701cb622d.cdf-ms Handle ID: 0x788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_en-us_c5188f0d01cb31d2.cdf-ms Handle ID: 0x110c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_es-es_c5188e5901cb3357.cdf-ms Handle ID: 0xaf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_es-mx_c51897d701cb2522.cdf-ms Handle ID: 0x13ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_et-ee_c51873a101cb5b86.cdf-ms Handle ID: 0x1464 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_fi-fi_c6fef45efef19941.cdf-ms Handle ID: 0x1460 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_fr-ca_c6fee3eafef1b2df.cdf-ms Handle ID: 0x1388 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_fr-fr_c6ff0430fef18279.cdf-ms Handle ID: 0x145c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_hr-hr_cacbf364f93e1bad.cdf-ms Handle ID: 0x768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_hu-hu_cacbf8aaf93e1415.cdf-ms Handle ID: 0x8a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_it-it_ccb26e82f6646337.cdf-ms Handle ID: 0x1108 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_ja-jp_ce98e130f38ab532.cdf-ms Handle ID: 0x1454 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_ko-kr_d07f5a9ef0b10088.cdf-ms Handle ID: 0x146c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_lt-lt_d265d550edd74905.cdf-ms Handle ID: 0x144c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_lv-lv_d265d8d4edd743f5.cdf-ms Handle ID: 0x1450 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_nb-no_d632bd8ee823eac4.cdf-ms Handle ID: 0x1110 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_nl-nl_d632b674e823f679.cdf-ms Handle ID: 0x7e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_pl-pl_d9ffa5a8e2708fad.cdf-ms Handle ID: 0x794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_pt-br_d9ffafece2708111.cdf-ms Handle ID: 0x1398 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_pt-pt_d9ffb3b8e2707b6d.cdf-ms Handle ID: 0x1478 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_qps-ploc_24e8203102ababf9.cdf-ms Handle ID: 0x898 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_ro-ro_ddcc9a22dcbd2149.cdf-ms Handle ID: 0x1458 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_ru-ru_ddcca4aedcbd1219.cdf-ms Handle ID: 0x1484 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_sk-sk_dfb30ab4d9e37803.cdf-ms Handle ID: 0x8c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_sl-si_dfb306c4d9e37e06.cdf-ms Handle ID: 0x13f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_sr-latn-rs_175a7056497f1cbd.cdf-ms Handle ID: 0x1480 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_sv-se_dfb2fdc4d9e38c94.cdf-ms Handle ID: 0xf00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_tr-tr_e1998e9cd709b2e5.cdf-ms Handle ID: 0x1444 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_uk-ua_e37fe6ecd4302db1.cdf-ms Handle ID: 0x1448 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_zh-cn_ed005608c5ef86a4.cdf-ms Handle ID: 0x1408 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_zh-tw_ed00671ec5ef6d14.cdf-ms Handle ID: 0x14c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_misc_pcat_6b00b12988eafd38.cdf-ms Handle ID: 0x140c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_fonts_fee710f4f7b180e0.cdf-ms Handle ID: 0x14d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_cs-cz_da8bfa0c28cad1cc.cdf-ms Handle ID: 0x894 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_da-dk_da67f50e291bdec5.cdf-ms Handle ID: 0x14a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_de-de_da67f5ee291bdcbb.cdf-ms Handle ID: 0x770 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_el-gr_da43f0fe296cebfd.cdf-ms Handle ID: 0xa74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_es-es_da43ed1c296cf1c1.cdf-ms Handle ID: 0xebc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_fi-fi_da1fe77a29be0007.cdf-ms Handle ID: 0x804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_fr-fr_da1fe64829be028f.cdf-ms Handle ID: 0xec0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_hu-hu_d9d7d7f62a602593.cdf-ms Handle ID: 0xe74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_it-it_d9b3d1222ab13661.cdf-ms Handle ID: 0x10e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_ja-jp_d98fca962b0246de.cdf-ms Handle ID: 0x10e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_ko-kr_d96bc3742b535818.cdf-ms Handle ID: 0xae8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_nb-no_d8ffaee42c468adc.cdf-ms Handle ID: 0x10e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_nl-nl_d8ffaf642c46898f.cdf-ms Handle ID: 0x10dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_pl-pl_d8b7a1782ce8abbb.cdf-ms Handle ID: 0xae4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_pt-br_d8b7861c2ce8d537.cdf-ms Handle ID: 0x14fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_pt-pt_d8b7a0682ce8adfb.cdf-ms Handle ID: 0x14f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_qps-ploc_109d95b40d3e11cb.cdf-ms Handle ID: 0x14f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_ru-ru_d86f925a2d8ad06f.cdf-ms Handle ID: 0x14f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_sv-se_d84b8da62ddbdc6c.cdf-ms Handle ID: 0x14ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_tr-tr_d82784d42e2cf1c3.cdf-ms Handle ID: 0x14e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_zh-cn_d74f2fe2301398dc.cdf-ms Handle ID: 0x14e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_zh-tw_d74f4ee430136b4c.cdf-ms Handle ID: 0x14d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_0f8921d4be2465c5.cdf-ms Handle ID: 0x7d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_bg-bg_055434d5a37035c0.cdf-ms Handle ID: 0x79c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_cs-cz_073aced1a096500b.cdf-ms Handle ID: 0x1508 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_da-dk_09212c799dbcc1aa.cdf-ms Handle ID: 0x1500 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_de-de_092120859dbcd404.cdf-ms Handle ID: 0x10d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_el-gr_0b07afd19ae2fdd2.cdf-ms Handle ID: 0x1514 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_en-gb_0b0791299ae32c04.cdf-ms Handle ID: 0x1510 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_en-us_0b07b16f9ae2fba9.cdf-ms Handle ID: 0x14e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_es-es_0b07b0bb9ae2fd2e.cdf-ms Handle ID: 0x7e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_es-mx_0b07ba399ae2eef9.cdf-ms Handle ID: 0x14d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_et-ee_0b0796039ae3255d.cdf-ms Handle ID: 0x14cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_fi-fi_0cee16c198096318.cdf-ms Handle ID: 0xae0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_fr-ca_0cee064d98097cb6.cdf-ms Handle ID: 0x10a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_fr-fr_0cee269398094c50.cdf-ms Handle ID: 0x152c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_hr-hr_10bb15c79255e584.cdf-ms Handle ID: 0x1524 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_hu-hu_10bb1b0d9255ddec.cdf-ms Handle ID: 0x14a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_it-it_12a190e58f7c2d0e.cdf-ms Handle ID: 0x14c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_ja-jp_148803938ca27f09.cdf-ms Handle ID: 0x14bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_ko-kr_166e7d0189c8ca5f.cdf-ms Handle ID: 0x14b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_lt-lt_1854f7b386ef12dc.cdf-ms Handle ID: 0x880 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_lv-lv_1854fb3786ef0dcc.cdf-ms Handle ID: 0x14b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_nb-no_1c21dff1813bb49b.cdf-ms Handle ID: 0x14b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_nl-nl_1c21d8d7813bc050.cdf-ms Handle ID: 0x14ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_pl-pl_1feec80b7b885984.cdf-ms Handle ID: 0x1544 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_pt-br_1feed24f7b884ae8.cdf-ms Handle ID: 0x1534 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_pt-pt_1feed61b7b884544.cdf-ms Handle ID: 0x153c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_qps-plocm_9a74fcee4d7b40bf.cdf-ms Handle ID: 0x1528 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_qps-ploc_2a602976759a80fc.cdf-ms Handle ID: 0x1540 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_ro-ro_23bbbc8575d4eb20.cdf-ms Handle ID: 0x1548 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_ru-ru_23bbc71175d4dbf0.cdf-ms Handle ID: 0x1558 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_sk-sk_25a22d1772fb41da.cdf-ms Handle ID: 0x1538 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_sl-si_25a2292772fb47dd.cdf-ms Handle ID: 0x1554 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_sr-latn-rs_e97cc539ee0d5bc2.cdf-ms Handle ID: 0x8e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_sv-se_25a2202772fb566b.cdf-ms Handle ID: 0x1530 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_tr-tr_2788b0ff70217cbc.cdf-ms Handle ID: 0x8e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_uk-ua_296f094f6d47f788.cdf-ms Handle ID: 0x149c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_zh-cn_32ef786b5f07507b.cdf-ms Handle ID: 0x1498 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_zh-tw_32ef89815f0736eb.cdf-ms Handle ID: 0x14a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_resources_0adab7ac98c3dc03.cdf-ms Handle ID: 0x870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms Handle ID: 0x1494 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms Handle ID: 0x88c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_diagtrack_0600d0deecd2b5a2.cdf-ms Handle ID: 0x878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_diagtrack_scenarios_ce5f6e43b7ab3f41.cdf-ms Handle ID: 0x1550 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_diagtrack_settings_56f8a3f40ce5a801.cdf-ms Handle ID: 0x86c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_globalization_0fc22903a221b67f.cdf-ms Handle ID: 0x157c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_globalization_sorting_04883de290c6ef1b.cdf-ms Handle ID: 0x1578 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_lsm_0000_b44cadf303cf745f.cdf-ms Handle ID: 0x1564 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_remoteaccess_0000_86bc982ae65d5d49.cdf-ms Handle ID: 0x1568 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_livekernelreports_13126bbee8c1252a.cdf-ms Handle ID: 0x874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms Handle ID: 0x1560 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms Handle ID: 0x158c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_rescache_fbd63394dc9300f8.cdf-ms Handle ID: 0x1574 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_rescache_merged_98aae8e844b93807.cdf-ms Handle ID: 0x154c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_themes_aero_vscache_f7bbc75044896c89.cdf-ms Handle ID: 0x8ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_schemas_eaphost_52e2de002c0b1796.cdf-ms Handle ID: 0x8e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_security_fe3ad40cd6e08c7c.cdf-ms Handle ID: 0x884 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_schemas_eapmethods_2935fdc1307d3ad6.cdf-ms Handle ID: 0x1474 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicestate_5273c861cc221018.cdf-ms Handle ID: 0x147c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms Handle ID: 0x156c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms Handle ID: 0x1520 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_catroot2_dcafaffaaa56ddae.cdf-ms Handle ID: 0x15a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_catroot_127d0a1d-4ef2-11d1-8608-00c04fc295ee__43d274f6525c55b6.cdf-ms Handle ID: 0x15b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_catroot_dcafaffa24ca18cc.cdf-ms Handle ID: 0x15c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_catroot_f750e6c3-38ee-11d1-85e5-00c04fc295ee__0f6ee2e4c9b287a4.cdf-ms Handle ID: 0x15ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_active_29d3e16aea6e0340.cdf-ms Handle ID: 0x15a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_internal_c92a000dc3e74fc1.cdf-ms Handle ID: 0x15cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_staged_276d48e6ef8844ae.cdf-ms Handle ID: 0x15c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms Handle ID: 0x7b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_1277fa612e559336.cdf-ms Handle ID: 0x7d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_regback_2cc4cf1020372405.cdf-ms Handle ID: 0x151c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_9dec82772012c8ca.cdf-ms Handle ID: 0x15b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_92209b51227f4d2f.cdf-ms Handle ID: 0x15f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_locallow_ecfb9e22d0b5fdec.cdf-ms Handle ID: 0x15f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_local_bceee85fd37df118.cdf-ms Handle ID: 0x1490 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_roaming_3488f27ae602299c.cdf-ms Handle ID: 0x1600 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms Handle ID: 0x15f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_da-dk_40b64d5e87b63595.cdf-ms Handle ID: 0x15d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms Handle ID: 0x1604 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstate_a5318eeab3dff807.cdf-ms Handle ID: 0x1608 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstate_devices_144618422831c928.cdf-ms Handle ID: 0x15e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_driverdata_4e302c7c62b76407.cdf-ms Handle ID: 0x15ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_etc_a531967eb3dfecbd.cdf-ms Handle ID: 0x148c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms Handle ID: 0x159c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms Handle ID: 0x1618 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_en-gb_429cb20e84dc9fef.cdf-ms Handle ID: 0x160c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms Handle ID: 0x1610 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_es-mx_429cdb1e84dc62e4.cdf-ms Handle ID: 0x15e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_downlevel_3ccc30959b90736e.cdf-ms Handle ID: 0x1488 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms Handle ID: 0x914 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms Handle ID: 0x8f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_fr-ca_448327328202f0a1.cdf-ms Handle ID: 0x89c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_grouppolicyusers_dc4bf95b336ab265.cdf-ms Handle ID: 0x8f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms Handle ID: 0x1624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_grouppolicy_8e35dabe44804e33.cdf-ms Handle ID: 0xbe8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms Handle ID: 0xa8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms Handle ID: 0xbe4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms Handle ID: 0x85c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms Handle ID: 0x908 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms Handle ID: 0x8f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_firewall_488be49cc4415d55.cdf-ms Handle ID: 0x15d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ko-kr_4e039de673c23e4a.cdf-ms Handle ID: 0x7c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_sam_5b4992809d2e7248.cdf-ms Handle ID: 0x890 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_scm_5b4992849d2e7236.cdf-ms Handle ID: 0x15d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_wmi_5b4992089d2e731c.cdf-ms Handle ID: 0x15dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_wmi_rtbackup_03b1b65215e9856c.cdf-ms Handle ID: 0x15bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_lt-lt_4fea189870e886c7.cdf-ms Handle ID: 0x15b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms Handle ID: 0x1634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms Handle ID: 0xbd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_networklist_icons_stockicons_c7f9dde8d52dc62c.cdf-ms Handle ID: 0xbdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms Handle ID: 0xbd4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms Handle ID: 0x163c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms Handle ID: 0xbe0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_pt-br_5783f3346581bed3.cdf-ms Handle ID: 0x90c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_rastoast_f92eb3787fa05917.cdf-ms Handle ID: 0x1598 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms Handle ID: 0x860 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ras_06656461d047b86c.cdf-ms Handle ID: 0x15fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ras_sstpproxy_454ca701ebc80170.cdf-ms Handle ID: 0x1614 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms Handle ID: 0x1630 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms Handle ID: 0xbf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms Handle ID: 0x1654 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms Handle ID: 0x165c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_06656483d047b9b9.cdf-ms Handle ID: 0x1658 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_manifests_0e3cdef1f9ad7c5f.cdf-ms Handle ID: 0x1650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_schema_b445cd341d59fadc.cdf-ms Handle ID: 0x1628 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_store_500af0907ede5ff6.cdf-ms Handle ID: 0x162c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_store_machine_f7f45ee58c75b061.cdf-ms Handle ID: 0xbec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms Handle ID: 0x1638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sr-latn-rs_36d1e04b1e65a349.cdf-ms Handle ID: 0x1670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms Handle ID: 0x168c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms Handle ID: 0x1694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms Handle ID: 0x1518 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms Handle ID: 0x1698 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_autorecover_78e2d7bf652dcf48.cdf-ms Handle ID: 0x1684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_logs_1fef5bbcc5e77768.cdf-ms Handle ID: 0x1680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_repository_3ba7d111b51b3c3b.cdf-ms Handle ID: 0x167c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_tmf_026f0fb07227ea72.cdf-ms Handle ID: 0x1678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_winevt_39519e6af36cf6a7.cdf-ms Handle ID: 0x1470 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_winevt_logs_2ccd04a261f738ce.cdf-ms Handle ID: 0x1468 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms Handle ID: 0x16a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms Handle ID: 0x169c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_config_397022e597c7bf30.cdf-ms Handle ID: 0x1690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_config_regback_520dcf8c985ef2ff.cdf-ms Handle ID: 0x1660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_driverstore_9d5a0097549f0abb.cdf-ms Handle ID: 0x1644 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_drivers_193c6528ad70a5e7.cdf-ms Handle ID: 0x16b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_migration_bdcfa47e8790e0c4.cdf-ms Handle ID: 0x16b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_oobe_1bf24c07bb30ce37.cdf-ms Handle ID: 0x1104 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_smi_1bf253f5a7664eed.cdf-ms Handle ID: 0x16a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_smi_manifests_3a5de332226f42b3.cdf-ms Handle ID: 0x16ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_smi_store_7b60732feba1c4a2.cdf-ms Handle ID: 0x16c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_smi_store_machine_d77e364e5a797f0d.cdf-ms Handle ID: 0x16c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_1bf25d11bb30b33f.cdf-ms Handle ID: 0x16b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_autorecover_e1421be265f17780.cdf-ms Handle ID: 0x1674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_logs_4b44de5c32aadc14.cdf-ms Handle ID: 0x16cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_repository_a407152b7f5ece07.cdf-ms Handle ID: 0xbf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_xml_3f8ffc24c43a2ff4.cdf-ms Handle ID: 0x16d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_downlevel_6821b3350853d81a.cdf-ms Handle ID: 0x16bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_temp_401038c9a18c18c0.cdf-ms Handle ID: 0x16dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_tracing_bca9e27848ac4cc0.cdf-ms Handle ID: 0x16f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_vss_3f582555a4c8be22.cdf-ms Handle ID: 0x16f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_vss_writers_08335f148b847d02.cdf-ms Handle ID: 0x16fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_vss_writers_application_85e0c568acb2deec.cdf-ms Handle ID: 0x1700 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_vss_writers_system_e29eb58bafd8a559.cdf-ms Handle ID: 0x16e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_waas_401032e7a18c2040.cdf-ms Handle ID: 0x16d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_waas_services_ddfc4ae175ff1678.cdf-ms Handle ID: 0x170c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_winsxs_installtemp_a7200a27e5239119.cdf-ms Handle ID: 0x1704 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms Handle ID: 0x16e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms Handle ID: 0x1668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms Handle ID: 0x1714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_network_connections_2e5c3accd04dd407.cdf-ms Handle ID: 0x1720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_devicemetadatastore_2e1ff34936d2e8e5.cdf-ms Handle ID: 0x171c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_gameexplorer_eb83b477ca9834cc.cdf-ms Handle ID: 0x16a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_onesettings_d58936a49a7f4b26.cdf-ms Handle ID: 0x1718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_startup_b13751030220a596.cdf-ms Handle ID: 0x920 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_templates_15e72976404301fc.cdf-ms Handle ID: 0x93c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportarchive_5449504010b82c41.cdf-ms Handle ID: 0x7e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportqueue_9ca35f30fc68b178.cdf-ms Handle ID: 0x798 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_temp_783673b09e921b6b.cdf-ms Handle ID: 0x778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wfp_1409fc168e700932.cdf-ms Handle ID: 0x634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0x16e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_bc5dd6ae41aaaeeb.cdf-ms Handle ID: 0x8a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_3433db0fbe07ab7f.cdf-ms Handle ID: 0x92c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windowsapps_522fbbfd57c17136.cdf-ms Handle ID: 0x944 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_9e28651fd972d480.cdf-ms Handle ID: 0x928 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_gameexplorer_5a14824a005868dd.cdf-ms Handle ID: 0x930 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_history_f4337fe0129e212c.cdf-ms Handle ID: 0x166c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcache_93b6f38324ca2118.cdf-ms Handle ID: 0x1648 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcookies_706c818672b5499f.cdf-ms Handle ID: 0x16ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_temp_3274946c96022019.cdf-ms Handle ID: 0x1734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_network_shortcuts_cbcbd4ac7028a985.cdf-ms Handle ID: 0xc14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_recent_ca449f9bba09f987.cdf-ms Handle ID: 0x948 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_sendto_cc2b2363b7303311.cdf-ms Handle ID: 0x1740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_accessories_73cb70a3fcd6fd42.cdf-ms Handle ID: 0x1708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_system_tools_b726d34a5a5ca66e.cdf-ms Handle ID: 0x1664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_templates_9327e87141b4e78f.cdf-ms Handle ID: 0x938 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_desktop_39aa59e1159d1203.cdf-ms Handle ID: 0x172c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_documents_a9a4e48ccdf32dcf.cdf-ms Handle ID: 0x904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_downloads_d0a063ac92c2c070.cdf-ms Handle ID: 0x1728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_favorites_d09a481c8ccc2a28.cdf-ms Handle ID: 0x940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_links_4064ed15230be7d0.cdf-ms Handle ID: 0x924 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_music_4066f7392302d756.cdf-ms Handle ID: 0x16c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_pictures_209185c2b71537e4.cdf-ms Handle ID: 0x174c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_saved_games_57aaea1c026aa551.cdf-ms Handle ID: 0x1748 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_videos_4078dfd58aff2cd5.cdf-ms Handle ID: 0x650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_8c076a3be22985a1.cdf-ms Handle ID: 0x1640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_desktop_2377dac7383055bd.cdf-ms Handle ID: 0x7dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_documents_70461e22eba239ef.cdf-ms Handle ID: 0x1750 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_downloads_631cc37cff593fe6.cdf-ms Handle ID: 0x1744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_libraries_de6591322faedac0.cdf-ms Handle ID: 0x7d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_music_8c1f3dc399e79184.cdf-ms Handle ID: 0x14c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_pictures_f5e7b0c0fda4db8c.cdf-ms Handle ID: 0x1504 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_videos_20f7329ef941f593.cdf-ms Handle ID: 0x1758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32_31bf3856ad364e35_10.0.19041.1_none_221a3861b159743a\shell32.dll.mun Handle ID: 0x990 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.19041.1_en-us_97b67612f5fefc64\bootres.dll.mui Handle ID: 0xae8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..se-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_cfcf9eab1d4356c7\basebrd.dll.mui Handle ID: 0x1484 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..servicing.resources_31bf3856ad364e35_10.0.19041.1_en-us_221f998bb589fc86\bfsvc.exe.mui Handle ID: 0x1458 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-notepad.resources_31bf3856ad364e35_10.0.19041.1_en-us_d3d6e5956e57a60b\notepad.exe.mui Handle ID: 0x8a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0c24a7fa21cc723\regedit.exe.mui Handle ID: 0x768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_9282db59dc3419f7\lagcounterdef.ini Handle ID: 0x145c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aero.resources_31bf3856ad364e35_10.0.19041.1_en-us_f0379010f961da55\aero.msstyles.mui Handle ID: 0x13ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_10.0.19041.1_en-us_d26e0637cf86d0d1\winresume.efi.mui Handle ID: 0xd84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c89c78983615cee\winresume.efi.mui Handle ID: 0x11e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_10.0.19041.1_en-us_d26e0637cf86d0d1\winresume.exe.mui Handle ID: 0x620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c89c78983615cee\winresume.exe.mui Handle ID: 0x1618 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ws-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_b1e24b78f138956a\winload.efi.mui Handle ID: 0x864 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c89c78983615cee\winload.efi.mui Handle ID: 0x900 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ws-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_b1e24b78f138956a\winload.exe.mui Handle ID: 0x980 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c89c78983615cee\winload.exe.mui Handle ID: 0x1818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..collector.resources_31bf3856ad364e35_10.0.19041.1_en-us_68bde2d1a04456f8\DiagnosticsHub.StandardCollector.ServiceRes.dll.mui Handle ID: 0x11dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ers-winpe.resources_31bf3856ad364e35_10.0.19041.1_en-us_975fc9d541a29a7b\PEProvider.dll.mui Handle ID: 0x11d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ers-winpe.resources_31bf3856ad364e35_10.0.19041.1_en-us_f37e6558fa000bb1\PEProvider.dll.mui Handle ID: 0xef0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..-agilevpn.resources_31bf3856ad364e35_10.0.19041.1_en-us_d53c2a5780c0554a\agilevpn.sys.mui Handle ID: 0x11cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cdrom.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_eeabdb05f6ee48e5\cdrom.sys.mui Handle ID: 0xa88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ineconfig.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4eb35a66fea5b8c\cmimcext.sys.mui Handle ID: 0x9c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_69a3ec4d68428b49\acpi.sys.mui Handle ID: 0x11ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mshdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_24636be4acc48ef5\ataport.sys.mui Handle ID: 0x910 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..itefilter.resources_31bf3856ad364e35_10.0.19041.1_en-us_5220cedf75163124\fbwf.sys.mui Handle ID: 0x1774 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_disk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bc67b02583104975\disk.sys.mui Handle ID: 0xf7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdmvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d215b38a0ba5d9f4\dmvsc.sys.mui Handle ID: 0xc78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0ac5bc47e450655\dumpsd.sys.mui Handle ID: 0xa24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidbatt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1d9ede21b029ea84\hidbatt.sys.mui Handle ID: 0xae8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ager-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_0a0dff57a77260bb\fltmgr.sys.mui Handle ID: 0x1424 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_input.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d790c0a55c1391be\hidclass.sys.mui Handle ID: 0x71c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_machine.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fafe1ef88d632cf1\isapnp.sys.mui Handle ID: 0x9f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e499df0d0bbbbb23\kbdhid.sys.mui Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e499df0d0bbbbb23\kbdclass.sys.mui Handle ID: 0x11c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ipmidrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fe04272f5af8f8fd\IPMIDRV.sys.mui Handle ID: 0xb3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msmouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8760c26735753ce3\mouhid.sys.mui Handle ID: 0xb00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ntmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_f2fe3e4cdea49006\mountmgr.sys.mui Handle ID: 0x11a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_01d9cddf1dc42162\afd.sys.mui Handle ID: 0x1160 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msmouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8760c26735753ce3\mouclass.sys.mui Handle ID: 0x1190 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e499df0d0bbbbb23\i8042prt.sys.mui Handle ID: 0xb30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mssmbios.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4828162943df97b\mssmbios.sys.mui Handle ID: 0x14f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mtconfig.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30aa9dc9643c7203\MTConfig.sys.mui Handle ID: 0x1878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..irtualbus.resources_31bf3856ad364e35_10.0.19041.1_en-us_ac0b3c7d0a7b529a\NdisVirtualBus.sys.mui Handle ID: 0x17d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndisuio.resources_31bf3856ad364e35_10.0.19041.1_en-us_5243fbc0ded0c5bf\ndisuio.sys.mui Handle ID: 0x119c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..terdriver.resources_31bf3856ad364e35_10.0.19041.1_en-us_80342690e638a891\fvevol.sys.mui Handle ID: 0x11a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mup.resources_31bf3856ad364e35_10.0.19041.1_en-us_964559f67670676e\mup.sys.mui Handle ID: 0xd18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bdfd7b65d29446fe\parport.sys.mui Handle ID: 0xcf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_b41cd326ea03d7cd\partmgr.sys.mui Handle ID: 0xa60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pdc.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5359bd391fe0ec7\pdc.sys.mui Handle ID: 0xd20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wnetvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_167169796afde604\netvsc.sys.mui Handle ID: 0x14b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-http.resources_31bf3856ad364e35_10.0.19041.1_en-us_c8e6664975a31d2e\http.sys.mui Handle ID: 0x181c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pcmcia.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_de7e3bb1542b73c9\pcmcia.sys.mui Handle ID: 0x7ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cpu.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad4386f1e498a588\processr.sys.mui Handle ID: 0x1554 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pci.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ac94a7992f963bc\pci.sys.mui Handle ID: 0x180c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rdbss.resources_31bf3856ad364e35_10.0.19041.1_en-us_dae8180a06c68b0a\rdbss.sys.mui Handle ID: 0x658 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.s..rt_driver.resources_31bf3856ad364e35_10.0.19041.1_en-us_06f0463a8ffb0862\scsiport.sys.mui Handle ID: 0xa94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_scmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3e6820a3a67d132b\scmbus.sys.mui Handle ID: 0xa64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs-v1.resources_31bf3856ad364e35_10.0.19041.1_en-us_015b430cf72af3e4\refsv1.sys.mui Handle ID: 0xdac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9567ad83a0d7d2c3\sdstor.sys.mui Handle ID: 0xe34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nvdimm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_25513bd94ea29285\nvdimm.sys.mui Handle ID: 0x708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msmouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8760c26735753ce3\sermouse.sys.mui Handle ID: 0x1018 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0ac5bc47e450655\sdbus.sys.mui Handle ID: 0xe38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pmem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_181ef79b6d283f1d\pmem.sys.mui Handle ID: 0xdfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs.resources_31bf3856ad364e35_10.0.19041.1_en-us_68c01a3fbb588324\refs.sys.mui Handle ID: 0x11fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bdfd7b65d29446fe\serial.sys.mui Handle ID: 0x1840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..os-filter.resources_31bf3856ad364e35_10.0.19041.1_en-us_0bf40dc511913ae2\storqosflt.sys.mui Handle ID: 0xeb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad377322445ff73a\usbstor.sys.mui Handle ID: 0xd48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c0ba3b1930f1c42\ndis.sys.mui Handle ID: 0x1288 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_7897f64125c10402\sacdrv.sys.mui Handle ID: 0x1200 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_tpm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b6f4c02d18a0b961\tpm.sys.mui Handle ID: 0x8c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbminirdr.resources_31bf3856ad364e35_10.0.19041.1_en-us_f52979919311afd5\mrxsmb.sys.mui Handle ID: 0x1214 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ifier-xdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2472aa08b42b57f\VerifierExt.sys.mui Handle ID: 0x768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wvmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30884c157d121d34\vmbus.sys.mui Handle ID: 0x129c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_volmgr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0939b1bd5303163\volmgr.sys.mui Handle ID: 0x18d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3fdd12d463484b9\usbhub.sys.mui Handle ID: 0xbc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..memanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_5a8499cf2748e5aa\volmgrx.sys.mui Handle ID: 0x12f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wstorflt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_53bde37991dff607\vmstorfl.sys.mui Handle ID: 0x18dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_10.0.19041.1_en-us_d37782f39a9ff8fa\wdf01000.sys.mui Handle ID: 0xca4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\wfplwfs.sys.mui Handle ID: 0xcd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__usbxhci.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6cafa91c1196c1cf\USBXHCI.SYS.mui Handle ID: 0x880 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hiddigi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ecddc2d575d046f0\wacompen.sys.mui Handle ID: 0x734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vdrvroot.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_071ca90aef89fb5c\vdrvroot.sys.mui Handle ID: 0xd50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-ws2ifsl.resources_31bf3856ad364e35_10.0.19041.1_en-us_dfa661fa6e1ce851\ws2ifsl.sys.mui Handle ID: 0x1794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..layfilter.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb4aaced1e956418\wof.sys.mui Handle ID: 0x15f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vhdmp.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a05990b658517951\vhdmp.sys.mui Handle ID: 0x1458 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_3ware.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb73c27a8a348f7c\3ware.inf_loc Handle ID: 0x1484 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_69a3ec4d68428b49\acpi.inf_loc Handle ID: 0x1588 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_1394.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_18abfb34c13d1e13\1394.inf_loc Handle ID: 0xaf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpidev.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a1168fca20107098\AcpiDev.inf_loc Handle ID: 0x15dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpipagr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_81ed51eb46f200bd\acpipagr.inf_loc Handle ID: 0xf68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpitime.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_00ed29b0a1af03fe\acpitime.inf_loc Handle ID: 0x1318 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_amdgpio2.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_071727247d4b9b6d\AMDGPIO2.inf_loc Handle ID: 0x1360 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_amdi2c.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b44c7b4a3610ffa\AMDI2C.inf_loc Handle ID: 0x964 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbhub3.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30a183fa06c34f68\USBHUB3.SYS.mui Handle ID: 0x15a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_adp80xx.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_df8614f20a01459d\adp80xx.inf_loc Handle ID: 0xd00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_amdsata.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f61df630eb0c2b11\amdsata.inf_loc Handle ID: 0x67c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_amdsbs.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8078ca9d04cdbac0\AMDSBS.inf_loc Handle ID: 0x1580 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3fdd12d463484b9\usbport.sys.mui Handle ID: 0x1358 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_basicdisplay.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef20656b7106b82c\basicdisplay.inf_loc Handle ID: 0xe54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_basicrender.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4284d3375f71b9a4\BasicRender.inf_loc Handle ID: 0x18a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_battery.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1ae2ca39d951ff1d\battery.inf_loc Handle ID: 0x1594 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_buttonconverter.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f9d50b9ac6c88aca\buttonconverter.inf_loc Handle ID: 0x1788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cdrom.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_eeabdb05f6ee48e5\cdrom.inf_loc Handle ID: 0x1904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntfs.resources_31bf3856ad364e35_10.0.19041.1_en-us_9aa34a00fd92c68f\ntfs.sys.mui Handle ID: 0x14cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_arcsas.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_087bc2f3557d59f3\arcsas.inf_loc Handle ID: 0xa04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cht4sx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b842c4caa709c970\cht4sx64.inf_loc Handle ID: 0x13e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cmbatt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_05d01a77a31b22e9\cmbatt.inf_loc Handle ID: 0x13b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_nettrans.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3e17bf3da9763d4\c_nettrans.inf_loc Handle ID: 0xfc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_ne..rvice.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0efd6fb5e7c3b2e9\c_netservice.inf_loc Handle ID: 0x13fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_wceusbs.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bbc5625120424a96\c_wceusbs.inf_loc Handle ID: 0xa34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_volsnap.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f10129f07919aaf9\c_volsnap.inf_loc Handle ID: 0x8a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_usbfn.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d088999d27449a54\c_usbfn.inf_loc Handle ID: 0x11b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2078850c976d2d44\c_usb.inf_loc Handle ID: 0x12c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_unknown.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_feb9fba146835368\c_unknown.inf_loc Handle ID: 0x1814 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_system.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f8c54ae1d45eb4b7\c_system.inf_loc Handle ID: 0xc34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smartcardfilter.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_72075751babf5dc7\c_smartcardfilter.inf_loc Handle ID: 0x1548 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smartcard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d199d2ff9bb1564b\c_smartcard.inf_loc Handle ID: 0xe94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_securitydevices.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_500dd0edcc8d8195\c_securitydevices.inf_loc Handle ID: 0xf20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_sdhost.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d4107e01753addd7\c_sdhost.inf_loc Handle ID: 0xb40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_sbp2.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_690d1ff258d72c31\c_sbp2.inf_loc Handle ID: 0x1220 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_printer.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_97be91b029c2a806\c_printer.inf_loc Handle ID: 0x15b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_ports.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa48532b71d7f47c\c_ports.inf_loc Handle ID: 0x788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_pnpprinters.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8670f1bf172d66bf\c_pnpprinters.inf_loc Handle ID: 0x6c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_pcmcia.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f85134649ee7693d\c_pcmcia.inf_loc Handle ID: 0x12cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_multiportserial.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb1d995f4ea9d4f2\c_multiportserial.inf_loc Handle ID: 0x1858 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_multifunction.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fda6760d5c07176b\c_multifunction.inf_loc Handle ID: 0x15d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_mtd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c7baab7dea4440a3\c_mtd.inf_loc Handle ID: 0xd24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_modem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_613fe2bafe37ec6a\c_modem.inf_loc Handle ID: 0x1428 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_memory.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c8539a829c1c8b\c_memory.inf_loc Handle ID: 0xbac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_legacydriver.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc6a8f9c4beb94bf\c_legacydriver.inf_loc Handle ID: 0x1290 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_hidclass.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_acb7624fe6a5e203\c_hidclass.inf_loc Handle ID: 0xbb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_dot4print.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_543f1a94d06bb420\c_dot4print.inf_loc Handle ID: 0x12b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_dot4.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb3a876a15cdcdeb\c_dot4.inf_loc Handle ID: 0x12b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_computer.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_334099b181eba155\c_computer.inf_loc Handle ID: 0x12bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_bluetooth.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3e3c515351903d04\c_bluetooth.inf_loc Handle ID: 0x148c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_biometric.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_058d0d809f4f9960\c_biometric.inf_loc Handle ID: 0xc94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_battery.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7eb6238b44c72911\c_battery.inf_loc Handle ID: 0x1148 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_avc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e997cb352f5383aa\c_avc.inf_loc Handle ID: 0x12a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_61883.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_07f6564378d8befa\c_61883.inf_loc Handle ID: 0xc1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_1394.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b60fa7006b7bc33f\c_1394.inf_loc Handle ID: 0xf18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-volsnap.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3c77729d2d39b27\volsnap.sys.mui Handle ID: 0x958 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cpu.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad4386f1e498a588\cpu.inf_loc Handle ID: 0x1158 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_apo.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_becf38149a60e628\c_apo.inf_loc Handle ID: 0xfec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_spaceport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bbd42ccfce385e2d\spaceport.sys.mui Handle ID: 0xc24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cht4nulx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5f0ab577b0763a0a\cht4nulx64.inf_loc Handle ID: 0x149c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_camera.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4eefb5dcf0fc0a7\c_camera.inf_loc Handle ID: 0x1528 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_usbdevice.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9f156093de8c7252\c_usbdevice.inf_loc Handle ID: 0x1508 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_tapedrive.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0e191f0a69a05688\c_tapedrive.inf_loc Handle ID: 0x110c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_scsiadapter.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e8ace7064f2c636d\c_scsiadapter.inf_loc Handle ID: 0x1850 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_mediumchanger.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0de1f9f10ff6b8f\c_mediumchanger.inf_loc Handle ID: 0x14b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_hdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f56320382a22a1df\c_hdc.inf_loc Handle ID: 0x8a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_floppydisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4e0c091a021d5487\c_floppydisk.inf_loc Handle ID: 0x17bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_dee59a767afd8bfd\c_fdc.inf_loc Handle ID: 0x7c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_cdrom.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_35ab524ee8e8640b\c_cdrom.inf_loc Handle ID: 0x1410 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cht4vx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f0724b4a4723ac33\cht4vx64.inf_loc Handle ID: 0xb14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-v2.resources_31bf3856ad364e35_10.0.19041.1_en-us_e6ec473acfdb3608\srv2.sys.mui Handle ID: 0x1300 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_computeaccelerator.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_82583126df093074\c_computeaccelerator.inf_loc Handle ID: 0x1534 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_b57nd60a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_73104e6df57778dd\b57nd60a.inf_loc Handle ID: 0x16f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_diskdrive.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_99aaa3b9a46f5c07\c_diskdrive.inf_loc Handle ID: 0x1430 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_display.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2884ec2111de828\c_display.inf_loc Handle ID: 0x970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_extension.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc290077fb46ced2\c_extension.inf_loc Handle ID: 0x1024 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_firmware.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4f4e0388619c2f7\c_firmware.inf_loc Handle ID: 0x1034 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsactivitymonitor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a726c775ee528f6\c_fsactivitymonitor.inf_loc Handle ID: 0x1678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsantivirus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e8a3ad9373ab26d0\c_fsantivirus.inf_loc Handle ID: 0x1804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscfsmetadataserver.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4c19aebdcfad1d3\c_fscfsmetadataserver.inf_loc Handle ID: 0x1030 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscompression.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1fa2e64b417bac13\c_fscompression.inf_loc Handle ID: 0x196c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscontentscreener.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5c6f7a9733a46dbf\c_fscontentscreener.inf_loc Handle ID: 0xde8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscontinuousbackup.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7f57e26eb2c97e48\c_fscontinuousbackup.inf_loc Handle ID: 0xfe8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscopyprotection.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_932ee91eba631169\c_fscopyprotection.inf_loc Handle ID: 0x1050 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsencryption.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_12c48ebdb6b08f2c\c_fsencryption.inf_loc Handle ID: 0xc48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fshsm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e70c9980bf906c51\c_fshsm.inf_loc Handle ID: 0xba8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsinfrastructure.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_59f5e236507335be\c_fsinfrastructure.inf_loc Handle ID: 0xaac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsopenfilebackup.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2aa71f4e335f00a1\c_fsopenfilebackup.inf_loc Handle ID: 0x194c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsphysicalquotamgmt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3084b4038c52cfc3\c_fsphysicalquotamgmt.inf_loc Handle ID: 0x16e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsquotamgmt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1cd245fb0bbfdc24\c_fsquotamgmt.inf_loc Handle ID: 0x1134 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_bnxtnd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_625ced9cec7e02d0\bnxtnd.inf_loc Handle ID: 0xedc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsreplication.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9a7c8497775436d1\c_fsreplication.inf_loc Handle ID: 0x1868 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fssecurityenhancer.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a0dbc36ca525af79\c_fssecurityenhancer.inf_loc Handle ID: 0xcf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fssystem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7739ae28058068ac\c_fssystem.inf_loc Handle ID: 0xe8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fssystemrecovery.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8576afa64c6d0b5b\c_fssystemrecovery.inf_loc Handle ID: 0xb5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsundelete.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_adcad7123c92f31b\c_fsundelete.inf_loc Handle ID: 0x114c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsvirtualization.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_413897ee35c40e4a\c_fsvirtualization.inf_loc Handle ID: 0x1870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_image.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_66fe9c814b19361c\c_image.inf_loc Handle ID: 0x15d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_infrared.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d290e6c3e59d8b6d\c_infrared.inf_loc Handle ID: 0x16c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smartcardreader.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_299bea1855072cfa\c_smartcardreader.inf_loc Handle ID: 0x1614 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_mouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c63c716dd4b8ea61\c_mouse.inf_loc Handle ID: 0xb64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ba971b8f818ffa97\c_keyboard.inf_loc Handle ID: 0x1828 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_mcx.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4b30b89252a6816\c_mcx.inf_loc Handle ID: 0x1970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_media.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_64e5ca1dfef06e34\c_media.inf_loc Handle ID: 0x19b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_monitor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ba2d96d8d1617d0\c_monitor.inf_loc Handle ID: 0xab8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ef517d861ab8bfd\tcpip.sys.mui Handle ID: 0x1988 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_net.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8a9de4e45233aae8\c_net.inf_loc Handle ID: 0x19a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_netdriver.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7bb0d3822d84626d\c_netdriver.inf_loc Handle ID: 0x1054 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_processor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_efe2f39b6183cf7e\c_processor.inf_loc Handle ID: 0xff4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_proximity.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5d4a3231f166c07\c_proximity.inf_loc Handle ID: 0x1684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_scmdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_da2f3464feeb9e82\c_scmdisk.inf_loc Handle ID: 0x1694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_scmvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_274dc8e89da352e1\c_scmvolume.inf_loc Handle ID: 0x1864 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smrdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9c2be843fdc9452d\c_smrdisk.inf_loc Handle ID: 0x17f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smrvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_873df249fcda56f6\c_smrvolume.inf_loc Handle ID: 0x744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_sslaccel.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_550a59db0f5621b0\c_sslaccel.inf_loc Handle ID: 0x12d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_swcomponent.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ebbeb1eafbc08f5f\c_swcomponent.inf_loc Handle ID: 0x153c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_swdevice.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c528fd7176b0948\c_swdevice.inf_loc Handle ID: 0x7cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_ucm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_71cdf38e70f13729\c_ucm.inf_loc Handle ID: 0x7a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_volume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_967fed3868e66714\c_volume.inf_loc Handle ID: 0x11f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_disk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bc67b02583104975\disk.inf_loc Handle ID: 0xcd4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_dc21x4vm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b0f1d19dad31335\dc21x4vm.inf_loc Handle ID: 0x808 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_errdev.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5586319204196c24\errdev.inf_loc Handle ID: 0x1100 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_fdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c3bf1a1759c9e111\fdc.inf_loc Handle ID: 0x804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_flpydisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c9f54e21a11bb1aa\flpydisk.inf_loc Handle ID: 0x16ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_genericusbfn.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5b33cb4822df779\genericusbfn.inf_loc Handle ID: 0x14ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_e2xw10x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1009dfe7ac500a7b\e2xw10x64.inf_loc Handle ID: 0x16a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hal.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f37bb3ff4cf58aaf\hal.inf_loc Handle ID: 0x12a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_halextintclpiodma.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f52bab9e1d8a2132\HalExtIntcLpioDma.inf_loc Handle ID: 0x1884 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_halextpl080.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fafc7a7e78c38aec\HalExtPL080.inf_loc Handle ID: 0x1144 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hdaudbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_95158cf730b5589a\hdaudbus.inf_loc Handle ID: 0x17cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidbatt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1d9ede21b029ea84\hidbatt.inf_loc Handle ID: 0x7bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hiddigi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ecddc2d575d046f0\hiddigi.inf_loc Handle ID: 0xb10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidi2c.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_446adfd2698e55a5\hidi2c.inf_loc Handle ID: 0x6b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidinterrupt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4d5be2e1db69bd88\hidinterrupt.inf_loc Handle ID: 0x1298 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidspi_km.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c7833d62c3e7a938\hidspi_km.inf_loc Handle ID: 0xa58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidvhf.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_00a2c8865b19c705\hidvhf.inf_loc Handle ID: 0xd80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidserv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc2a12a5e4e77b7b\hidserv.inf_loc Handle ID: 0x17f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iagpio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_425241a3f2c823d7\iagpio.inf_loc Handle ID: 0xb58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iai2c.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4b53532800d581e2\iai2c.inf_loc Handle ID: 0xb50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hpsamd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b94f84a4bf1696bb\hpsamd.inf_loc Handle ID: 0x11e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_gpio2_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_54336e46836d45b5\iaLPSS2i_GPIO2_BXT_P.inf_loc Handle ID: 0xa50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_gpio2_cnl.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1aff042fdca6b9af\iaLPSS2i_GPIO2_CNL.inf_loc Handle ID: 0x1368 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_gpio2_glk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca0703bc07355f54\iaLPSS2i_GPIO2_GLK.inf_loc Handle ID: 0x11c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_gpio2_skl.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_941dd277bd5aa2a2\iaLPSS2i_GPIO2_SKL.inf_loc Handle ID: 0x1958 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_i2c_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d01977211c836f8c\iaLPSS2i_I2C_BXT_P.inf_loc Handle ID: 0x1950 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_i2c_glk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9e201373da258c75\iaLPSS2i_I2C_GLK.inf_loc Handle ID: 0x1738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_i2c_cnl.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9cb669d76a02ffe0\iaLPSS2i_I2C_CNL.inf_loc Handle ID: 0x1974 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_i2c_skl.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_687c6aaf86e0dde3\iaLPSS2i_I2C_SKL.inf_loc Handle ID: 0xc88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpssi_gpio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_76ba7f51e7cc24d5\ialpssi_gpio.INF_loc Handle ID: 0x1334 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpssi_i2c.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_da74ee7a2e23cd0c\iaLPSSi_I2C.INF_loc Handle ID: 0x1320 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iastorav.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a08116a658dd8d53\iastorav.inf_loc Handle ID: 0x18ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iastorv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9ee508f7215b4e42\iastorv.inf_loc Handle ID: 0x1934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ipmidrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fe04272f5af8f8fd\ipmidrv.inf_loc Handle ID: 0x1940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iscsi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a34220a7c1295edd\iscsi.inf_loc Handle ID: 0x1590 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_kdnic.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6a39b593cd0620bd\kdnic.inf_loc Handle ID: 0xdb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lltdio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2d5953839c6abd90\lltdio.inf_loc Handle ID: 0x13ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_itsas35i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4b2659804152b7b\itSAS35i.inf_loc Handle ID: 0x143c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lsi_sas.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2a6fe6c18fc737e\lsi_sas.inf_loc Handle ID: 0xa28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lsi_sss.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7da15b6f3305a080\lsi_sss.inf_loc Handle ID: 0x128c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lsi_sas2i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_65f0dfeed6d55baf\lsi_sas2i.inf_loc Handle ID: 0x15ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ipoib6x.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b609a6beb3bb889f\ipoib6x.inf_loc Handle ID: 0xd7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mausbhost.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_60d296e028e58b66\mausbhost.inf_loc Handle ID: 0x101c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lsi_sas3i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a9a80d390049f398\lsi_sas3i.inf_loc Handle ID: 0x18c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_megasas.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2218c3d9338d1ee7\megasas.inf_loc Handle ID: 0xe88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_megasas2i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c705ef7f26fe9ca0\megasas2i.inf_loc Handle ID: 0x17c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mf.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_76c26c832162157b\mf.inf_loc Handle ID: 0x17e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_megasas35i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a65e7d58dbc7d272\megasas35i.inf_loc Handle ID: 0xc5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_machine.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fafe1ef88d632cf1\machine.inf_loc Handle ID: 0x17c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mssmbios.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4828162943df97b\mssmbios.inf_loc Handle ID: 0x15e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mtconfig.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30aa9dc9643c7203\MTConfig.inf_loc Handle ID: 0x1570 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e499df0d0bbbbb23\keyboard.inf_loc Handle ID: 0x17b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bdfd7b65d29446fe\msports.inf_loc Handle ID: 0xc7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mvumis.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c6bd3d2b7fd41dfb\mvumis.inf_loc Handle ID: 0x15a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mshdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_24636be4acc48ef5\mshdc.inf_loc Handle ID: 0x640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mlx4_bus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0832d82c8b6430a8\mlx4_bus.inf_loc Handle ID: 0x1764 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mwlu97w8x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_721ec27a8766c338\mwlu97w8x64.inf_loc Handle ID: 0x176c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ndisimplatform.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6495c87605b878e1\NdisImPlatform.inf_loc Handle ID: 0x94c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mchgr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_570dedefa84bacb1\mchgr.inf_loc Handle ID: 0x7a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_input.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d790c0a55c1391be\input.inf_loc Handle ID: 0x6b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ndisuio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_81896a850e566a6d\ndisuio.inf_loc Handle ID: 0xbfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msux64w10.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4626be9c5fa5183d\msux64w10.INF_loc Handle ID: 0x1688 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ndisvirtualbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ddf1e53c2a9427f3\NdisVirtualBus.inf_loc Handle ID: 0x1730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ndisimplatformmp.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3f604b9e4185ac8\NdisImPlatformMp.inf_loc Handle ID: 0x638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net44amd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_06de1174861a19c3\net44amd.inf_loc Handle ID: 0x888 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msmouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8760c26735753ce3\msmouse.inf_loc Handle ID: 0x175c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netavpna.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1d99719d72b87bcd\netavpna.inf_loc Handle ID: 0x1758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net1yx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_acbc043198b5393b\net1yx64.inf_loc Handle ID: 0x1504 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net7500-x64-n650f.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_14537e3ce66d098c\net7500-x64-n650f.inf_loc Handle ID: 0x7d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net7400-x64-n650.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2251beb4c5c7dcf\net7400-x64-n650.inf_loc Handle ID: 0x1744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net9500-x64-n650f.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c227ac32fd2e573a\net9500-x64-n650f.inf_loc Handle ID: 0x18bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netbvbda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4419a66eb70a8ac\netbvbda.inf_loc Handle ID: 0x1038 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netax88179_178a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a8afbb726a40cdf7\NETAX88179_178a.inf_loc Handle ID: 0x1538 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net7800-x64-n650f.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_def76010b3bbbacf\net7800-x64-n650f.inf_loc Handle ID: 0x1328 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netax88772.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bf57d5a86ae2c12a\NETAX88772.inf_loc Handle ID: 0x5bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_megasr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c49b51df611700ff\megasr.inf_loc Handle ID: 0xeb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netimm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6eb3f9339e604b9e\netimm.inf_loc Handle ID: 0xbc8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netip6.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_411533700b52f05c\netip6.inf_loc Handle ID: 0xe58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net1ix64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d58e447342d5d52b\net1ix64.inf_loc Handle ID: 0x17a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netg664.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_80b3036518870dac\netg664.inf_loc Handle ID: 0x17dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nete1e3e.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c698e2a23f23d8c6\nete1e3e.inf_loc Handle ID: 0xc14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netl160a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d6222a69bcf9c34d\netl160a.inf_loc Handle ID: 0x17ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netjme.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab3f79387ada282d\netjme.inf_loc Handle ID: 0xc50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netloop.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_503fb5282a4e178d\netloop.inf_loc Handle ID: 0x17ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netl260a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_91d17268f257b98e\netl260a.inf_loc Handle ID: 0x6e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netl1e64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ae3a411481bf6ffb\netl1e64.inf_loc Handle ID: 0x179c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netefe3e.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0362be1e4b97d43b\neteFE3e.inf_loc Handle ID: 0x1558 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netk57a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5205ba49a025de3\netk57a.inf_loc Handle ID: 0x1748 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nete1g3e.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ac2561016d613d4\nete1g3e.inf_loc Handle ID: 0x189c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netl1c63x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad12f6b9ba0aa916\netl1c63x64.inf_loc Handle ID: 0x174c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netmscli.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ee1b553e19ac22ed\netmscli.inf_loc Handle ID: 0xa38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netnb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_23e729dfc2b3f0bb\netnb.inf_loc Handle ID: 0x15e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netevbda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a83f2c544e3fcfb1\netevbda.inf_loc Handle ID: 0x159c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netrasa.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3742e14858d54ccc\netrasa.inf_loc Handle ID: 0x1998 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netrass.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_31a5414b1d0d2b5a\netrass.inf_loc Handle ID: 0x17a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netnvma.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2a25d156d7c8926f\netnvma.inf_loc Handle ID: 0x1338 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netrast.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2315bd90a7f3d429\netrast.inf_loc Handle ID: 0x648 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netserv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_653ad52140ef5069\Netserv.inf_loc Handle ID: 0x1880 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netnvm64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_177efc82da108066\netnvm64.inf_loc Handle ID: 0x760 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netbxnda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_98df9b0f6459f782\netbxnda.inf_loc Handle ID: 0x1540 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netsstpa.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_084d6fe3e8ab4ae2\netsstpa.inf_loc Handle ID: 0x7f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netmlx5.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d04b374d5faa45ed\netmlx5.inf_loc Handle ID: 0x16c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nettcpip.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6553745f50881c0b\nettcpip.inf_loc Handle ID: 0x924 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netmlx4eth63.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_509a6db24c24bc78\netmlx4eth63.inf_loc Handle ID: 0x940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netmyk64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ba79d1f6d6ddc5c4\netmyk64.inf_loc Handle ID: 0x1448 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netvg63a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2dac0b7938786d6\netvg63a.inf_loc Handle ID: 0x10e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nvdimm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_25513bd94ea29285\nvdimm.inf_loc Handle ID: 0x620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netvf63a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f49aa1775e299095\netvf63a.inf_loc Handle ID: 0x1310 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nvraid.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e20958c3e2e0dc7e\nvraid.inf_loc Handle ID: 0x18c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netrtl64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d8f1244d31e4ffb9\netrtl64.inf_loc Handle ID: 0xb54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netqevbda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f884fe3cceeff720\netqevbda.inf_loc Handle ID: 0x145c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pci.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ac94a7992f963bc\pci.inf_loc Handle ID: 0x1618 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nett4x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef4eba8f7fc9967b\nett4x64.inf_loc Handle ID: 0x183c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pmem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_181ef79b6d283f1d\pmem.inf_loc Handle ID: 0x730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netxex64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3d8b9290e52f4248\netxex64.inf_loc Handle ID: 0x1848 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_percsas3i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2bfb26d4b8d6e599\percsas3i.inf_loc Handle ID: 0x1610 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_rspndr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_76dc9c37000f2019\rspndr.inf_loc Handle ID: 0x1818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_percsas2i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e843f98a8f624db0\percsas2i.inf_loc Handle ID: 0x980 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_qd3x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_dba9e55528ac2948\qd3x64.inf_loc Handle ID: 0x1948 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sbp2.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_698ec849d4f81b45\sbp2.inf_loc Handle ID: 0x1604 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_scmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3e6820a3a67d132b\scmbus.inf_loc Handle ID: 0x900 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_volume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_311757bc5f52e3b0\volume.inf_loc Handle ID: 0x1874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_smrvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f1eff5837296684c\smrvolume.inf_loc Handle ID: 0xe78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_scmvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_714bc5c3eafbc787\scmvolume.inf_loc Handle ID: 0x6f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pcmcia.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_de7e3bb1542b73c9\pcmcia.inf_loc Handle ID: 0xef0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9567ad83a0d7d2c3\sdstor.inf_loc Handle ID: 0x63c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sisraid2.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_754a204edd0f0d9f\sisraid2.inf_loc Handle ID: 0x914 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netxix64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_33fb3850baa71b4c\netxix64.inf_loc Handle ID: 0x15f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sisraid4.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fcb87ae32ff83d71\sisraid4.inf_loc Handle ID: 0x15bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_smartsamd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8588e8855f6ff254\SmartSAMD.inf_loc Handle ID: 0xa88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_smrdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_354185f777dd0e79\smrdisk.inf_loc Handle ID: 0x11cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0ac5bc47e450655\sdbus.inf_loc Handle ID: 0x864 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_rtux64w10.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_11620f10817d5e71\rtux64w10.inf_loc Handle ID: 0x11e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_rt640x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_97e16ac4c71ce8ac\rt640x64.inf_loc Handle ID: 0x9c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_spaceport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bbd42ccfce385e2d\spaceport.inf_loc Handle ID: 0xde4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netqenda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9ae4708a5c6c73c8\netqenda.inf_loc Handle ID: 0xad8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_stexstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a309f5bbc8328172\STEXSTOR.inf_loc Handle ID: 0x910 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netelx.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_196b5dadc5c810b6\netelx.inf_loc Handle ID: 0xd84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_swenum.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_290071cd2ec341ed\swenum.inf_loc Handle ID: 0x12e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_storufs.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_db28a282598e9538\storufs.inf_loc Handle ID: 0x12fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_stornvme.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_97629f390a710428\stornvme.inf_loc Handle ID: 0x1478 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_tpm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b6f4c02d18a0b961\tpm.inf_loc Handle ID: 0xc78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_uaspstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_40ef14beeef02bab\uaspstor.inf_loc Handle ID: 0x1008 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_scsidev.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3826b3f85d92e559\scsidev.inf_loc Handle ID: 0x1608 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_uefi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5f55e23afe496b55\uefi.inf_loc Handle ID: 0x15f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ufxchipidea.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_26743bedd817ad4e\ufxchipidea.inf_loc Handle ID: 0xc4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ufxsynopsys.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad3366575b4371b1\ufxsynopsys.inf_loc Handle ID: 0xe84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_umbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_74e8d13cb3a2fc96\umbus.inf_loc Handle ID: 0xa24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_tape.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d8d3f605e0b7376a\tape.inf_loc Handle ID: 0xcb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_umpass.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7f83ed651cda9271\umpass.inf_loc Handle ID: 0x10dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_unknown.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e6cc4fa17bf56da4\unknown.inf_loc Handle ID: 0x1834 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbser.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f71c5a6fc324bee0\usbser.inf_loc Handle ID: 0x1790 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbhub3.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30a183fa06c34f68\usbhub3.inf_loc Handle ID: 0xf7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__usbxhci.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6cafa91c1196c1cf\usbxhci.inf_loc Handle ID: 0x92c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vdrvroot.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_071ca90aef89fb5c\vdrvroot.inf_loc Handle ID: 0x1774 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vhdmp.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a05990b658517951\vhdmp.inf_loc Handle ID: 0xa1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_virtdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_dd56640ae466af1e\virtdisk.inf_loc Handle ID: 0x172c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_volmgr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0939b1bd5303163\volmgr.inf_loc Handle ID: 0x6cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_volsnap.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c9543879209b8745\volsnap.inf_loc Handle ID: 0x71c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vsmraid.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4ceb6b8b928340c2\vsmraid.inf_loc Handle ID: 0xc30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_df0f6f89afc1a0e8\usb.inf_loc Handle ID: 0xec0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vstxraid.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0e0cff64eb1c477\vstxraid.inf_loc Handle ID: 0xca0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdmvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d215b38a0ba5d9f4\wdmvsc.inf_loc Handle ID: 0x6f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_whyperkbd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_927da2fb396c3afe\whyperkbd.inf_loc Handle ID: 0x934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdmaudio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_412cb03a0b7a7f12\wdmaudio.inf_loc Handle ID: 0xc98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad377322445ff73a\usbstor.inf_loc Handle ID: 0xda8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wmiacpi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2d0bb86732bc23a8\wmiacpi.inf_loc Handle ID: 0x7b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wstorflt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_53bde37991dff607\wstorflt.inf_loc Handle ID: 0x1364 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wstorvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0efce8a95b0255a7\wstorvsc.inf_loc Handle ID: 0x117c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wvmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30884c157d121d34\wvmbus.inf_loc Handle ID: 0xda4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wvmbushid.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3d1394aa83874dc9\wvmbushid.inf_loc Handle ID: 0x7b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wvmbusvideo.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2e479249f02e0c3\wvmbusvideo.inf_loc Handle ID: 0x1190 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wnetvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_167169796afde604\wnetvsc.inf_loc Handle ID: 0xd10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ykinx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4055687bbea9193\ykinx64.inf_loc Handle ID: 0xd08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3fdd12d463484b9\usbport.inf_loc Handle ID: 0x18cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..apc-layer.resources_31bf3856ad364e35_10.0.19041.1_en-us_7be7a5cee15a57f2\adsldpc.dll.mui Handle ID: 0x1878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e347ed36a45fd81\activeds.dll.mui Handle ID: 0x8f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_10.0.19041.1_en-us_ce7a85b750327612\advapi32.dll.mui Handle ID: 0x17d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-atl.resources_31bf3856ad364e35_10.0.19041.1_en-us_54eba4eaa26984df\atl.dll.mui Handle ID: 0xab0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-attrib.resources_31bf3856ad364e35_10.0.19041.1_en-us_96c8ce3d85e3c8dc\attrib.exe.mui Handle ID: 0xc40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\arp.exe.mui Handle ID: 0x1844 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_11.0.19041.1_en-us_210a558112d44067\advpack.dll.mui Handle ID: 0x11ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..component.resources_31bf3856ad364e35_10.0.19041.1_en-us_2bf4ecc0039c575d\authui.dll.mui Handle ID: 0x9b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcrypt.resources_31bf3856ad364e35_10.0.19041.1_en-us_2e5423567305fe78\bcrypt.dll.mui Handle ID: 0xc38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..t-strings.resources_31bf3856ad364e35_10.0.19041.1_en-us_d3c612fa621c9f6a\bootstr.dll.mui Handle ID: 0x1160 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-brokerbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_5a7f62f12dac2520\BrokerLib.dll.mui Handle ID: 0x664 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_10.0.19041.1_en-us_d6fed10e17ad6860\bcdboot.exe.mui Handle ID: 0xb00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-capisp-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_c9e2a305668ff2a7\capisp.dll.mui Handle ID: 0xb3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_10.0.19041.1_en-us_0c1a13e5adfb2af2\chkdsk.exe.mui Handle ID: 0x11a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_1ab0646e3f323fae\certcli.dll.mui Handle ID: 0x119c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..figurator.resources_31bf3856ad364e35_10.0.19041.1_en-us_76bf1a170487a6bc\chkntfs.exe.mui Handle ID: 0x11c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-chkwudrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_82175a59d98ac09a\chkwudrv.dll.mui Handle ID: 0xd20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0c24a7fa21cc723\clb.dll.mui Handle ID: 0x14b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-commonlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_c849c8ae99dec2f9\clfs.sys.mui Handle ID: 0xa6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ectortool.resources_31bf3856ad364e35_10.0.19041.1_en-us_2bb281c48f9cbef4\bootsect.exe.mui Handle ID: 0x794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aclui.resources_31bf3856ad364e35_10.0.19041.1_en-us_f7c2e1b250493bfc\aclui.dll.mui Handle ID: 0x7ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\bfe.dll.mui Handle ID: 0x181c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ertca-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_2410d445bf18b55f\certca.dll.mui Handle ID: 0x1554 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advapi32res.resources_31bf3856ad364e35_10.0.19041.1_en-us_ea3ae8cfbde65044\advapi32res.dll.mui Handle ID: 0x14f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-c..host-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_0c6d15e195ed1b14\Conhost.exe.mui Handle ID: 0xb30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..olehostv1.resources_31bf3856ad364e35_10.0.19041.1_en-us_31ca39347c9240f0\ConhostV1.dll.mui Handle ID: 0x1648 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-compact.resources_31bf3856ad364e35_10.0.19041.1_en-us_83b3f4081a9cc6c7\compact.exe.mui Handle ID: 0x930 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..n-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_72a8a82fc2ed76e2\ConsoleLogon.dll.mui Handle ID: 0x11a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..lientcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_95c525353ceeef67\clusapi.dll.mui Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..r-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_89e92105cd6d77fe\CredProv2faHelper.dll.mui Handle ID: 0x658 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_6e70c9a2dd0624b1\combase.dll.mui Handle ID: 0x11dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..t-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a8672d636923f63\credprovhost.dll.mui Handle ID: 0xa94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..s-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_4654f934d21cd8cf\credprovs.dll.mui Handle ID: 0x928 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_10.0.19041.1_en-us_af258e24ecb80d28\ci.dll.mui Handle ID: 0x7e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-c..propsheet.resources_31bf3856ad364e35_10.0.19041.1_en-us_b8246cc9e3f442f5\console.dll.mui Handle ID: 0x180c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..y-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_46656d40ca520a7e\credprovslegacy.dll.mui Handle ID: 0x178c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ab7e18695e9c9bb\cryptsvc.dll.mui Handle ID: 0xa5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptdlg-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb3b3dd8a19c2a90\cryptdlg.dll.mui Handle ID: 0xa64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptext-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_25638dfe55945840\cryptext.dll.mui Handle ID: 0x9f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptxml.resources_31bf3856ad364e35_10.0.19041.1_en-us_228d271942fed13d\cryptxml.dll.mui Handle ID: 0x1424 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_10.0.19041.1_en-us_9082189a80ce2580\csrss.exe.mui Handle ID: 0x1914 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-csrsrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_33e94454343fe411\csrsrv.dll.mui Handle ID: 0xf64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..itybroker.resources_31bf3856ad364e35_10.0.19041.1_en-us_6d730047761b7783\dab.dll.mui Handle ID: 0xae8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..brokerapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_0a34bde99d56d7a3\dabapi.dll.mui Handle ID: 0xb48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_10.0.19041.1_en-us_7ad566f862dced56\bootcfg.exe.mui Handle ID: 0x978 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_en-us_a529a6c82f384a94\devicengccredprov.dll.mui Handle ID: 0x1778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcpcmonitor.resources_31bf3856ad364e35_10.0.19041.1_en-us_53fd1d316bd1264a\dhcpcmonitor.dll.mui Handle ID: 0x6a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..dateagent.resources_31bf3856ad364e35_10.0.19041.1_en-us_0edefd828ffbe416\DeviceUpdateAgent.dll.mui Handle ID: 0xe00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-crypt32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_8417eb1259a3fb1a\crypt32.dll.mui Handle ID: 0x197c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ll-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_eadb7e9616d487fb\dhcpcsvc.dll.mui Handle ID: 0xd04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-defrag-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_2a0ddd00dd69a9dd\defragsvc.dll.mui Handle ID: 0xaf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_7bc14662e1d6e4fc\diagtrack.dll.mui Handle ID: 0x1840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ll-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_eadb7e9616d487fb\dhcpcore.dll.mui Handle ID: 0x11ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ement-api.resources_31bf3856ad364e35_10.0.19041.1_en-us_c893af9901455f1d\DismApi.dll.mui Handle ID: 0xf70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ll-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_eadb7e9616d487fb\dhcpcore6.dll.mui Handle ID: 0x820 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ll-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_eadb7e9616d487fb\dhcpcsvc6.dll.mui Handle ID: 0x998 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptui-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9533bba3db6cf75\cryptui.dll.mui Handle ID: 0xe38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_cd341401a09aa4a7\dnsrslvr.dll.mui Handle ID: 0x98c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\doskey.exe.mui Handle ID: 0x1444 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_10.0.19041.1_en-us_9eddcc16c540929b\dpapimig.exe.mui Handle ID: 0xb28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..andprompt.resources_31bf3856ad364e35_10.0.19041.1_en-us_3572ebbc3147b987\cmd.exe.mui Handle ID: 0x1154 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..anagement.resources_31bf3856ad364e35_10.0.19041.1_en-us_8fc7ab7387f75d5a\Dism.exe.mui Handle ID: 0x1288 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapisrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3d4f0e8a9e6c731\dpapisrv.dll.mui Handle ID: 0xeb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-drvload.resources_31bf3856ad364e35_10.0.19041.1_en-us_4f66b930f4e83ef6\drvload.exe.mui Handle ID: 0x1768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-duser.resources_31bf3856ad364e35_10.0.19041.1_en-us_2b218626c22d85cd\duser.dll.mui Handle ID: 0xcf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..to-dssenh.resources_31bf3856ad364e35_10.0.19041.1_en-us_80cf8fc70ddcd703\dssenh.dll.mui Handle ID: 0xc18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dui70.resources_31bf3856ad364e35_10.0.19041.1_en-us_17b8cb4f02e55473\dui70.dll.mui Handle ID: 0x7b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..nager-api.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4b3633a231e4474\dwmapi.dll.mui Handle ID: 0xed8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-driverquery.resources_31bf3856ad364e35_10.0.19041.1_en-us_b303523261abd5aa\driverquery.exe.mui Handle ID: 0x1930 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_10.0.19041.1_en-us_38200a3bee0c73a9\bcdedit.exe.mui Handle ID: 0x192c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_10.0.19041.1_en-us_477355286d9a4b82\DWrite.dll.mui Handle ID: 0xed0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_cd341401a09aa4a7\dnsapi.dll.mui Handle ID: 0x1544 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_50f65a7eb567f702\dxgmms2.sys.mui Handle ID: 0x14d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eappcfgui.resources_31bf3856ad364e35_10.0.19041.1_en-us_80b65e99e944619c\eappcfgui.dll.mui Handle ID: 0x1450 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-graphics-wdi.resources_31bf3856ad364e35_10.0.19041.1_en-us_e109cb8995f0d27e\dxgwdi.dll.mui Handle ID: 0xdc8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_10.0.19041.1_en-us_e011aea3bfdf2441\eappgnui.dll.mui Handle ID: 0x1928 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapteap.resources_31bf3856ad364e35_10.0.19041.1_en-us_84727991456dd9d6\EapTeapAuth.dll.mui Handle ID: 0x18dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_02d41c75ec2f1710\efssvc.dll.mui Handle ID: 0x1920 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-expand.resources_31bf3856ad364e35_10.0.19041.1_en-us_40dea5a39ca5c65a\expand.exe.mui Handle ID: 0x191c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_10.0.19041.1_en-us_e011aea3bfdf2441\eapphost.dll.mui Handle ID: 0x129c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ff6b176f939ed48\adtschema.dll.mui Handle ID: 0xca4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_5535197450a010c4\eapsvc.dll.mui Handle ID: 0x12f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\find.exe.mui Handle ID: 0xbc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c7d6d4ece1acf99\faultrep.dll.mui Handle ID: 0x768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..iguration.resources_31bf3856ad364e35_10.0.19041.1_en-us_1860b2d45ce5351d\fcon.dll.mui Handle ID: 0x1170 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\finger.exe.mui Handle ID: 0x116c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_e06c2db58995b0b9\fixmapi.exe.mui Handle ID: 0x1210 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-settings.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a7c75abaff778\FlightSettings.dll.mui Handle ID: 0x1214 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..e-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_c85ac9d1b2ed147c\efscore.dll.mui Handle ID: 0x18d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ger-utils.resources_31bf3856ad364e35_10.0.19041.1_en-us_7dfef4ac179f6223\fltlib.dll.mui Handle ID: 0x1794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskraid.resources_31bf3856ad364e35_10.0.19041.1_en-us_769822667dad7fbf\diskraid.exe.mui Handle ID: 0xd50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_10.0.19041.1_en-us_21ca9b7f148978ef\ESENT.dll.mui Handle ID: 0x734 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ger-utils.resources_31bf3856ad364e35_10.0.19041.1_en-us_7dfef4ac179f6223\fltMC.exe.mui Handle ID: 0x880 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa43e6777eda8f90\ETWESEProviderResources.dll.mui Handle ID: 0xcd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-autoconv.resources_31bf3856ad364e35_10.0.19041.1_en-us_bcbad7a73a606643\autoconv.exe.mui Handle ID: 0x15f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_7725a91f1043b62d\gpapi.dll.mui Handle ID: 0x748 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hid-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_cdcd73f1d4aff533\hid.dll.mui Handle ID: 0x74c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_10.0.19041.1_en-us_ff7f152290ec3c23\autochk.exe.mui Handle ID: 0x195c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\hostname.exe.mui Handle ID: 0xed4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hid-user.resources_31bf3856ad364e35_10.0.19041.1_en-us_1b939d7f8a8ff478\hidserv.dll.mui Handle ID: 0xaf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-http-api.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b636906d1ad06fb\httpapi.dll.mui Handle ID: 0x1588 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..utilities.resources_31bf3856ad364e35_11.0.19041.1_en-us_b4846b37ca23ac38\iertutil.dll.mui Handle ID: 0x1484 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rtup-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b126399ccf94de6\fveapi.dll.mui Handle ID: 0x1458 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\ikeext.dll.mui Handle ID: 0x15c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9653cfdb8700a93\imapi.dll.mui Handle ID: 0x8c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ftp.resources_31bf3856ad364e35_10.0.19041.1_en-us_c80fd1913f47ebee\ftp.exe.mui Handle ID: 0xd48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ltinstall.resources_31bf3856ad364e35_10.0.19041.1_en-us_66cdc97910f775ef\InfDefaultInstall.exe.mui Handle ID: 0x11fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_50f65a7eb567f702\dxgkrnl.sys.mui Handle ID: 0x1318 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..libraries.resources_31bf3856ad364e35_10.0.19041.1_en-us_326591e3ae91ad0c\iphlpapi.dll.mui Handle ID: 0x1938 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_8f0cbcdfa9133f8e\imapi2.dll.mui Handle ID: 0x19a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_735d057c560c5710\ipsecsvc.dll.mui Handle ID: 0xcc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-icacls.resources_31bf3856ad364e35_10.0.19041.1_en-us_abbd2db726d27f31\ICacls.exe.mui Handle ID: 0xe10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskpart.resources_31bf3856ad364e35_10.0.19041.1_en-us_8688a8c5dd24bb5a\diskpart.exe.mui Handle ID: 0xfb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..deronline.resources_31bf3856ad364e35_10.0.19041.1_en-us_aaca3f9205cfd13a\joinproviderol.dll.mui Handle ID: 0x1388 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_7725a91f1043b62d\gpsvc.dll.mui Handle ID: 0x1108 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kdscli.resources_31bf3856ad364e35_10.0.19041.1_en-us_6c33b7f14f3f2940\KdsCli.dll.mui Handle ID: 0x1580 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..-inputdll.resources_31bf3856ad364e35_10.0.19041.1_en-us_343aeb95a5570e0e\input.dll.mui Handle ID: 0x67c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasifmon.resources_31bf3856ad364e35_10.0.19041.1_en-us_648c89538ca0acc7\ifmon.dll.mui Handle ID: 0xdfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iscsi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a34220a7c1295edd\iscsilog.dll.mui Handle ID: 0x1358 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ipconfig.resources_31bf3856ad364e35_10.0.19041.1_en-us_7dce3c6f9d16792f\ipconfig.exe.mui Handle ID: 0xd00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-keyiso.resources_31bf3856ad364e35_10.0.19041.1_en-us_c07c0ec5136e399a\keyiso.dll.mui Handle ID: 0x708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_14089ec954fee325\kmddsp.tsp.mui Handle ID: 0xe34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lmhsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_9aa56f36aaff7bbb\lmhsvc.dll.mui Handle ID: 0xe54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-kerberos.resources_31bf3856ad364e35_10.0.19041.1_en-us_34a3b4c6bc876a4e\kerberos.dll.mui Handle ID: 0x17a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..mplus.res.resources_31bf3856ad364e35_10.0.19041.1_en-us_590d912de16dd7ff\comres.dll.mui Handle ID: 0xb44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l..r-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_fe7fbb95dff7b4d7\LogonController.dll.mui Handle ID: 0x18a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f2bb353038d1523\lodctr.exe.mui Handle ID: 0x15a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_9282db59dc3419f7\lsm.dll.mui Handle ID: 0x1788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-h..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e04a925c1703735\microsoft-windows-hal-events.dll.mui Handle ID: 0x1594 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f2bb353038d1523\loadperf.dll.mui Handle ID: 0x166c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_ae13c63515af9e10\microsoft-windows-kernel-processor-power-events.dll.mui Handle ID: 0x1904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\fwpuclnt.dll.mui Handle ID: 0x8e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_a9b183f6124385f0\microsoft-windows-kernel-pnp-events.dll.mui Handle ID: 0x17d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_aedc447f1d8c3dd6\microsoft-windows-storage-tiering-events.dll.mui Handle ID: 0x93c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fsutil.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f1aced26e36b255\fsutil.exe.mui Handle ID: 0x964 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-pdc-events-container.resources_31bf3856ad364e35_10.0.19041.1_en-us_788a5c82574bc929\microsoft-windows-pdc.dll.mui Handle ID: 0xecc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mpr.resources_31bf3856ad364e35_10.0.19041.1_en-us_70769b7fd35d9fbd\mpr.dll.mui Handle ID: 0x1918 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mountvol.resources_31bf3856ad364e35_10.0.19041.1_en-us_39638b526478ade4\mountvol.exe.mui Handle ID: 0x920 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..extension.resources_31bf3856ad364e35_10.0.19041.1_en-us_99a264c4eaf8da47\mprext.dll.mui Handle ID: 0xec4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_10.0.19041.1_en-us_3c98e1d535f8dda2\lsasrv.dll.mui Handle ID: 0x1360 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mfc42x.resources_31bf3856ad364e35_10.0.19041.1_en-us_7892c6682e6258c8\MFC42u.dll.mui Handle ID: 0xd6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mfc42x.resources_31bf3856ad364e35_10.0.19041.1_en-us_7892c6682e6258c8\MFC42.dll.mui Handle ID: 0xe60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-drv.resources_31bf3856ad364e35_10.0.19041.1_en-us_03b55cc5252496f1\mpsdrv.sys.mui Handle ID: 0x644 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_e06c2db58995b0b9\mapistub.dll.mui Handle ID: 0x13e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_e06c2db58995b0b9\mapi32.dll.mui Handle ID: 0xf68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msftedit.resources_31bf3856ad364e35_10.0.19041.1_en-us_90d13f9f19b6ba54\msftedit.dll.mui Handle ID: 0xf48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\mispace.dll.mui Handle ID: 0xf44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5d563c5058a2e407\msctf.dll.mui Handle ID: 0x13b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\mrinfo.exe.mui Handle ID: 0x14cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..otect-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_528ccedea3450375\mskeyprotect.dll.mui Handle ID: 0x15dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_3d59c1b62dd5b21b\FirewallAPI.dll.mui Handle ID: 0x8a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_6b12b466d4976e89\microsoft-windows-kernel-power-events.dll.mui Handle ID: 0xa34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_3d59c1b62dd5b21b\mpssvc.dll.mui Handle ID: 0x12c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mssign32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73e85422933e8c6d\mssign32.dll.mui Handle ID: 0x11d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msports.resources_31bf3856ad364e35_10.0.19041.1_en-us_90f3ea967f6869de\msports.dll.mui Handle ID: 0x115c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_04ea8621d9d8a97d\ncpa.cpl.mui Handle ID: 0x818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..cture-bsp.resources_31bf3856ad364e35_10.0.19041.1_en-us_83d24a0903134528\mswsock.dll.mui Handle ID: 0xe94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..tprov-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_3f7ffd832df84d58\ncryptprov.dll.mui Handle ID: 0x13fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rity-ntlm.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e060bde0bc59c10\msv1_0.dll.mui Handle ID: 0xd64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_28fcbc0fbbe74e1f\ndadmin.exe.mui Handle ID: 0xdc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbt.resources_31bf3856ad364e35_10.0.19041.1_en-us_0731f5f39ac2dc9f\netbtugc.exe.mui Handle ID: 0x1220 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ncrypt.resources_31bf3856ad364e35_10.0.19041.1_en-us_7feb0e02f5d5e82c\ncrypt.dll.mui Handle ID: 0x738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.19041.1_en-us_7161ccbabaf3e8a0\nbtstat.exe.mui Handle ID: 0x974 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netcfg.resources_31bf3856ad364e35_10.0.19041.1_en-us_ede48e8fc0a434c1\netcfg.exe.mui Handle ID: 0x69c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_823386dc6c818518\netiougc.exe.mui Handle ID: 0x9b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_10.0.19041.1_en-us_db1c43d25c426c58\netcfgx.dll.mui Handle ID: 0x15b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netjoin.resources_31bf3856ad364e35_10.0.19041.1_en-us_2d65915d710f1401\netjoin.dll.mui Handle ID: 0xb40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml30.resources_31bf3856ad364e35_10.0.19041.1_en-us_efafef48e62ac770\msxml3r.dll.mui Handle ID: 0xf20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ff6b176f939ed48\msobjs.dll.mui Handle ID: 0x740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5b4926dbe2db04b\netlogon.dll.mui Handle ID: 0x6bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup.resources_31bf3856ad364e35_10.0.19041.1_en-us_92d5e8b2f2f67484\NetSetupSvc.dll.mui Handle ID: 0xcec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b211b7129114be3\microsoft-windows-system-events.dll.mui Handle ID: 0x17fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_28fcbc0fbbe74e1f\newdev.exe.mui Handle ID: 0x16d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netsh.resources_31bf3856ad364e35_10.0.19041.1_en-us_e1b46d336c8eb4ca\netsh.exe.mui Handle ID: 0xcb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..ut-ninput.resources_31bf3856ad364e35_10.0.19041.1_en-us_d616220101c3da79\Ninput.dll.mui Handle ID: 0x1640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mprmsg.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ad0e46d6d1f83ee\mprmsg.dll.mui Handle ID: 0x9c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi.resources_31bf3856ad364e35_10.0.19041.1_en-us_f24223ac7f30b8f8\nsisvc.dll.mui Handle ID: 0x12cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\netstat.exe.mui Handle ID: 0x6c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntasn1.resources_31bf3856ad364e35_10.0.19041.1_en-us_0c4256b46cd622b9\ntasn1.dll.mui Handle ID: 0x1428 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..line-tool.resources_31bf3856ad364e35_10.0.19041.1_en-us_70f9c6776213a4bd\neth.dll.mui Handle ID: 0x15d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nlasvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_25655490f27852f7\nlasvc.dll.mui Handle ID: 0xbac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-ntlanman.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc073f291c1b8f1c\ntlanman.dll.mui Handle ID: 0x16f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_10.0.19041.1_en-us_28eefee5555bc47c\ntprint.exe.mui Handle ID: 0x170c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml60.resources_31bf3856ad364e35_10.0.19041.1_en-us_8b845fd226b860f5\msxml6r.dll.mui Handle ID: 0x1668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ff6b176f939ed48\msaudite.dll.mui Handle ID: 0x1488 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..y-ntmarta.resources_31bf3856ad364e35_10.0.19041.1_en-us_3f9ec58679aea4ce\ntmarta.dll.mui Handle ID: 0xbe8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_28fcbc0fbbe74e1f\newdev.dll.mui Handle ID: 0x12b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-openwith.resources_31bf3856ad364e35_10.0.19041.1_en-us_d926929c99816f6e\OpenWith.exe.mui Handle ID: 0x1290 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_04ea8621d9d8a97d\netshell.dll.mui Handle ID: 0x1548 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_10.0.19041.1_en-us_ae4091dbb3166e73\ntshrui.dll.mui Handle ID: 0xd24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_422d1efffd701255\pathping.exe.mui Handle ID: 0xbb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_10.0.19041.1_en-us_4c5aae9da6f5b804\pcwum.dll.mui Handle ID: 0x184c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_10.0.19041.1_en-us_b649ce9d95e7ca66\oleaccrc.dll.mui Handle ID: 0x12b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-ole.resources_31bf3856ad364e35_10.0.19041.1_en-us_9a47a3aec25548ee\ole32.dll.mui Handle ID: 0x11b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\nshwfp.dll.mui Handle ID: 0xdac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfdisk.dll.mui Handle ID: 0x1634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfnet.dll.mui Handle ID: 0x788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..emsupport.resources_31bf3856ad364e35_10.0.19041.1_en-us_b5da0cd4eeee462b\imapi2fs.dll.mui Handle ID: 0xfc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfctrs.dll.mui Handle ID: 0x1718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfproc.dll.mui Handle ID: 0xc34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfos.dll.mui Handle ID: 0x16a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpclean.resources_31bf3856ad364e35_10.0.19041.1_en-us_a943398c77854b81\pnpclean.dll.mui Handle ID: 0x1814 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..nager-rll.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5ce5935f2ccce28\odbcint.dll.mui Handle ID: 0xc1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_en-us_4a1b5785f361c947\pnppolicy.dll.mui Handle ID: 0x12a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7eed11ea07bd4d1c\pnpui.dll.mui Handle ID: 0x1148 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..cingstack.resources_31bf3856ad364e35_10.0.19041.1_en-us_42aac8453420acd4\poqexec.exe.mui Handle ID: 0xc94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_735d057c560c5710\polstore.dll.mui Handle ID: 0x1858 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_422d1efffd701255\ping.exe.mui Handle ID: 0x17b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_10.0.19041.1_en-us_28eefee5555bc47c\ntprint.dll.mui Handle ID: 0xf18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\print.exe.mui Handle ID: 0xdec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenvext.resources_31bf3856ad364e35_10.0.19041.1_en-us_96660d061e45297b\profext.dll.mui Handle ID: 0xfec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..npeplugin.resources_31bf3856ad364e35_10.0.19041.1_en-us_fba6acc62f22d2b3\PnPUnattend.exe.mui Handle ID: 0xce4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..minkernel.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f7e552c79c688a7\prflbmsg.dll.mui Handle ID: 0xc24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pshed.resources_31bf3856ad364e35_10.0.19041.1_en-us_498552201881e70c\pshed.dll.mui Handle ID: 0x149c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7d22aa39e59cfe75\rasautou.exe.mui Handle ID: 0x1564 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7d22aa39e59cfe75\rasauto.dll.mui Handle ID: 0x874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..-base-vpn.resources_31bf3856ad364e35_10.0.19041.1_en-us_1798d6af18f46a77\rasapi32.dll.mui Handle ID: 0x1568 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnputil.resources_31bf3856ad364e35_10.0.19041.1_en-us_929eb5cc557f5194\pnputil.exe.mui Handle ID: 0x14c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..p-raschap.resources_31bf3856ad364e35_10.0.19041.1_en-us_c78e49d648eafe5c\raschap.dll.mui Handle ID: 0x1408 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_10.0.19041.1_en-us_761f89bd7d6d7bf2\rasctrs.dll.mui Handle ID: 0x11d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-raschap.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4aa96fdb56002b4\raschapext.dll.mui Handle ID: 0x11b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_14089ec954fee325\rasdiag.dll.mui Handle ID: 0x5b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..rvice-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_d4a7415c510717a5\rasmans.dll.mui Handle ID: 0xe44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..tymanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ea63625f109f122\rasmbmgr.dll.mui Handle ID: 0x810 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-profsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_1cad2165a3d16b35\profsvc.dll.mui Handle ID: 0x1528 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_9937e4f2c0954fcd\netmsg.dll.mui Handle ID: 0x8a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4333b5ebd7b1668\rdrleakdiag.exe.mui Handle ID: 0x1508 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_10.0.19041.1_en-us_ec5f97876b2bef00\powercfg.exe.mui Handle ID: 0x110c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recover.resources_31bf3856ad364e35_10.0.19041.1_en-us_19341bd8495fd344\recover.exe.mui Handle ID: 0x958 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..anagement.resources_31bf3856ad364e35_10.0.19041.1_en-us_bb340319c9c94b55\powrprof.dll.mui Handle ID: 0x1714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\replace.exe.mui Handle ID: 0x16d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-regsvr32.resources_31bf3856ad364e35_10.0.19041.1_en-us_cf36865100575d06\regsvr32.exe.mui Handle ID: 0x16bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..lientcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_95c525353ceeef67\resutils.dll.mui Handle ID: 0x1410 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rastls.resources_31bf3856ad364e35_10.0.19041.1_en-us_652b6f63c7d7c5dd\rastlsext.dll.mui Handle ID: 0x7c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..ap-rastls.resources_31bf3856ad364e35_10.0.19041.1_en-us_2a444baded9aa897\rastls.dll.mui Handle ID: 0x17bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-propsys.resources_31bf3856ad364e35_7.0.19041.1_en-us_4a8890ed170f3fda\propsys.dll.mui Handle ID: 0xefc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\netiohlp.dll.mui Handle ID: 0xbf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 12544 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasrtutils.resources_31bf3856ad364e35_10.0.19041.1_en-us_9326bb2bb2334a5b\rtutils.dll.mui Handle ID: 0x18f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..intmapper.resources_31bf3856ad364e35_10.0.19041.1_en-us_a089d76598edf0e6\RpcEpMap.dll.mui Handle ID: 0x10f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\route.exe.mui Handle ID: 0x1968 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..ne-editor.resources_31bf3856ad364e35_10.0.19041.1_en-us_698daebf9eb1b4d5\reg.exe.mui Handle ID: 0x1534 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_10.0.19041.1_en-us_02bc904438c2428c\rundll32.exe.mui Handle ID: 0x1300 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..to-rsaenh.resources_31bf3856ad364e35_10.0.19041.1_en-us_16a62acbc62312bf\rsaenh.dll.mui Handle ID: 0xb14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_7897f64125c10402\sacsess.exe.mui Handle ID: 0x1430 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..i-printui.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a72d2107dc73c0a\printui.dll.mui Handle ID: 0x16d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_7897f64125c10402\sacsvr.dll.mui Handle ID: 0x9a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-robocopy.resources_31bf3856ad364e35_10.0.19041.1_en-us_6abbcc8b8fcc07e3\Robocopy.exe.mui Handle ID: 0xfa4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sechost.resources_31bf3856ad364e35_10.0.19041.1_en-us_93136f66ce7ffac1\sechost.dll.mui Handle ID: 0x14b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-schannel.resources_31bf3856ad364e35_10.0.19041.1_en-us_9d11d42ad8409f53\schannel.dll.mui Handle ID: 0x16f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refsutil.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa8d7acfdd7882d6\refsutil.exe.mui Handle ID: 0x16cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-local.resources_31bf3856ad364e35_10.0.19041.1_en-us_51acac215ce8b77d\rpcrt4.dll.mui Handle ID: 0x1104 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_87cbe14d4de4bd62\SHCore.dll.mui Handle ID: 0x16b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_09c08624c36693a8\shlwapi.dll.mui Handle ID: 0x16b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ty-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc7274f372ed8e13\sfc.exe.mui Handle ID: 0x1804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shutdownux.resources_31bf3856ad364e35_10.0.19041.1_en-us_36aacb7f6bff451d\ShutdownUX.dll.mui Handle ID: 0x1678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_10.0.19041.1_en-us_1fee549ac552b43c\services.exe.mui Handle ID: 0x1644 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rver-apis.resources_31bf3856ad364e35_10.0.19041.1_en-us_1540b052425beb5b\smbwmiv2.dll.mui Handle ID: 0x1660 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smss.resources_31bf3856ad364e35_10.0.19041.1_en-us_9a5b45e6fe928308\smss.exe.mui Handle ID: 0x1690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\smphost.dll.mui Handle ID: 0x196c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_10.0.19041.1_en-us_870ec821d56378ca\sppnp.dll.mui Handle ID: 0x1034 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver.resources_31bf3856ad364e35_10.0.19041.1_en-us_36f866b8332aaeff\srvsvc.dll.mui Handle ID: 0xde8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver.resources_31bf3856ad364e35_10.0.19041.1_en-us_36f866b8332aaeff\sscore.dll.mui Handle ID: 0xffc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ineclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_02abb9877c778368\scecli.dll.mui Handle ID: 0x1984 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setupapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2051dad616bfbe07\setupapi.dll.mui Handle ID: 0x1030 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\subst.exe.mui Handle ID: 0x1024 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_10.0.19041.1_en-us_0739fe5d46d729eb\svchost.exe.mui Handle ID: 0x970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..vices-sam.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca714bf2ded4fd68\samsrv.dll.mui Handle ID: 0xc48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-svsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_68b9867325ec3faf\svsvc.dll.mui Handle ID: 0x1924 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..mprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_155d8a8d329175f4\swprv.dll.mui Handle ID: 0xd40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ionengine.resources_31bf3856ad364e35_10.0.19041.1_en-us_9f39397eb9eb1ed9\scesrv.dll.mui Handle ID: 0xd88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasdlg.resources_31bf3856ad364e35_10.0.19041.1_en-us_6bff3fa1e7605439\rasdlg.dll.mui Handle ID: 0xa2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysclass.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfea6091084df19f\sysclass.dll.mui Handle ID: 0xef8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tapi2xclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_9eff89d194dc48d3\tapi32.dll.mui Handle ID: 0xa70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ntsbroker.resources_31bf3856ad364e35_10.0.19041.1_en-us_cd5e1703fb559393\SystemEventsBrokerServer.dll.mui Handle ID: 0x680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c23b7b252bca10\sxstrace.exe.mui Handle ID: 0xe04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storprop.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e93e1af9be76663\Storprop.dll.mui Handle ID: 0xa30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..e-rassstp.resources_31bf3856ad364e35_10.0.19041.1_en-us_9ed054c8f82d3c7c\sstpsvc.dll.mui Handle ID: 0x728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c23b7b252bca10\sxs.dll.mui Handle ID: 0x1134 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-timebroker.resources_31bf3856ad364e35_10.0.19041.1_en-us_d0696e9a20fe5354\TimeBrokerServer.dll.mui Handle ID: 0xa08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef3b2554816b1504\sppc.dll.mui Handle ID: 0xa04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_en-us_c10bc33ae3f4a3aa\TrustedSignalCredProv.dll.mui Handle ID: 0x16e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_422d1efffd701255\tracert.exe.mui Handle ID: 0x194c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-takeown.resources_31bf3856ad364e35_10.0.19041.1_en-us_6c295aa8904b0eb1\takeown.exe.mui Handle ID: 0xaac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2a853e22d141a77\TtlsAuth.dll.mui Handle ID: 0xd9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef3b2554816b1504\slc.dll.mui Handle ID: 0xba8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2a853e22d141a77\TtlsCfg.dll.mui Handle ID: 0x1050 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..x-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_4a5d75c34ba6f636\TSSessionUX.dll.mui Handle ID: 0xfe8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_823386dc6c818518\tcpipcfg.dll.mui Handle ID: 0xb5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasmontr.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5d2edf4eb729cbc\rasmontr.dll.mui Handle ID: 0xe8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l..skmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_a52a78f85b7ec197\taskmgr.exe.mui Handle ID: 0x114c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..atahelper.resources_31bf3856ad364e35_10.0.19041.1_en-us_eb00c854b52e87c6\tdh.dll.mui Handle ID: 0x169c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..erservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_a6b88435313203cc\umpo.dll.mui Handle ID: 0x16a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f2bb353038d1523\unlodctr.exe.mui Handle ID: 0x1468 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenv.resources_31bf3856ad364e35_10.0.19041.1_en-us_79e35164c2cf79d2\userenv.dll.mui Handle ID: 0x1870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_10.0.19041.1_en-us_45e1b3af71b01941\userinit.exe.mui Handle ID: 0x1518 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinitext.resources_31bf3856ad364e35_10.0.19041.1_en-us_94f4ba71a45d6fd4\userinitext.dll.mui Handle ID: 0x1638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-system-user-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_22e0c92c7b30cdfd\usermgr.dll.mui Handle ID: 0xbec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-umpnpmgr.resources_31bf3856ad364e35_10.0.19041.1_en-us_1bd351c127f6d03f\umpnpmgr.dll.mui Handle ID: 0x162c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_c072fc43c852c692\UIAutomationCore.dll.mui Handle ID: 0xbe0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_7bc14662e1d6e4fc\utcutil.dll.mui Handle ID: 0xabc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_10.0.19041.1_en-us_f6d3d801594c601f\utildll.dll.mui Handle ID: 0x6b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_cbfdd178d867fd99\vdsbas.dll.mui Handle ID: 0xe08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-uxtheme.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc110ce9e60367ee\uxtheme.dll.mui Handle ID: 0xb64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_5801e9f68bdc3d85\vds.exe.mui Handle ID: 0x1828 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3ef054dca7ac088\user32.dll.mui Handle ID: 0x1200 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..kprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_e72971a2c1f6c25b\vdsvd.dll.mui Handle ID: 0x1868 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_da49ed797c177968\vdsdyn.dll.mui Handle ID: 0x1614 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..timezones.resources_31bf3856ad364e35_10.0.19041.1_en-us_39665f8e21240c1b\tzres.dll.mui Handle ID: 0x16c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.0.19041.1_en-us_586539fbebb0cc9c\urlmon.dll.mui Handle ID: 0x1970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..component.resources_31bf3856ad364e35_10.0.19041.1_en-us_f5f9b416a9f26530\Websocket.dll.mui Handle ID: 0x15d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssapi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3b5e59f30ca6174\vsstrace.dll.mui Handle ID: 0x1470 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-d..ier-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_830af9ea9aba3650\verifier.exe.mui Handle ID: 0xcf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webio.resources_31bf3856ad364e35_10.0.19041.1_en-us_b56aa669d807b6f4\webio.dll.mui Handle ID: 0x163c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c7d6d4ece1acf99\WerFaultSecure.exe.mui Handle ID: 0xedc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9049899d62a0e4d\wer.dll.mui Handle ID: 0xbd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog-api.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9c7ae36f6e0f219\wevtapi.dll.mui Handle ID: 0x8f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..k-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_38e91adb05b98d4f\wersvc.dll.mui Handle ID: 0x85c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..rverifier.resources_31bf3856ad364e35_10.0.19041.1_en-us_21ae65cdb04194d8\verifiergui.exe.mui Handle ID: 0x908 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c7d6d4ece1acf99\WerFault.exe.mui Handle ID: 0x1850 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-time-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_08f6da56337b289b\w32time.dll.mui Handle ID: 0x12bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_53f7dd16602c8a90\wevtsvc.dll.mui Handle ID: 0xcbc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..er-common.resources_31bf3856ad364e35_10.0.19041.1_en-us_fbb670ada24a4e33\Windows.FileExplorer.Common.dll.mui Handle ID: 0xbe4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_5801e9f68bdc3d85\vdsutil.dll.mui Handle ID: 0x754 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wincredui.resources_31bf3856ad364e35_10.0.19041.1_en-us_61e25015a031831a\wincredui.dll.mui Handle ID: 0xa8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_cf48a18a5fdfb544\wimgapi.dll.mui Handle ID: 0x1684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ontroller.resources_31bf3856ad364e35_10.0.19041.1_en-us_e1322100908d69a1\Windows.UI.CredDialogController.dll.mui Handle ID: 0xc3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winbio.resources_31bf3856ad364e35_10.0.19041.1_en-us_51cbd1658a9e8304\winbio.dll.mui Handle ID: 0x1158 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb569e49a9e4cc22\wininit.exe.mui Handle ID: 0xa60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32kbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_d6afa8b21943e171\win32kbase.sys.mui Handle ID: 0xcf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_10.0.19041.1_en-us_ea8a56fd969c14c6\wevtutil.exe.mui Handle ID: 0x1054 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..core-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_201c821693305023\winmmbase.dll.mui Handle ID: 0x8f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.19041.1_en-us_65e4d1beb3d1f96f\winhttp.dll.mui Handle ID: 0xd18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..mentation.resources_31bf3856ad364e35_11.0.19041.1_en-us_0233336163e096a7\wininet.dll.mui Handle ID: 0x1010 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_dbfd617ca96275f5\winpeshl.exe.mui Handle ID: 0xff4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..temclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_882f8b99a2f630ef\WinSCard.dll.mui Handle ID: 0x1018 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_10.0.19041.1_en-us_63ce793a38227711\winsockhc.dll.mui Handle ID: 0x16c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntdll.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e85c098fb7f7a14\ntdll.dll.mui Handle ID: 0x15e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_6e70c9a2dd0624b1\wintypes.dll.mui Handle ID: 0xa78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanutil.resources_31bf3856ad364e35_10.0.19041.1_en-us_19ec72bf503086d4\wlanutil.dll.mui Handle ID: 0x1988 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3ba4d44a3c97f27\winsrv.dll.mui Handle ID: 0x1600 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_10.0.19041.1_en-us_80e99f0ea373f8b5\winlogon.exe.mui Handle ID: 0x1490 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..t-storage.resources_31bf3856ad364e35_10.0.19041.1_en-us_6910ea60b47c64f0\windows.storage.dll.mui Handle ID: 0x12d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ldap-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_915cf6e0c6649f87\wldap32.dll.mui Handle ID: 0x744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..winmmbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_86ddc39268efcf81\winmm.dll.mui Handle ID: 0x7a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_193efb2cb0113a35\wmiprop.dll.mui Handle ID: 0x884 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wldp.resources_31bf3856ad364e35_10.0.19041.1_en-us_e1df6e92b40dd5f7\wldp.dll.mui Handle ID: 0x8e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ngsclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_b45a35e2ca3bc553\wosc.dll.mui Handle ID: 0x154c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..onservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_4d9899a205ad9bf0\wkssvc.dll.mui Handle ID: 0x17f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_191f132b3e6a20ca\wship6.dll.mui Handle ID: 0x1864 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_191f132b3e6a20ca\wshtcpip.dll.mui Handle ID: 0x1694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_dbfd617ca96275f5\wpeutil.dll.mui Handle ID: 0x1574 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_10.0.19041.1_en-us_63ce793a38227711\wshelper.dll.mui Handle ID: 0x89c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ck-legacy.resources_31bf3856ad364e35_10.0.19041.1_en-us_01acc92f39697d8a\wsock32.dll.mui Handle ID: 0x158c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ure-ws232.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4008a5924567538\ws2_32.dll.mui Handle ID: 0x1578 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..er-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_7a8494abb092d578\winspool.drv.mui Handle ID: 0x157c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ocale-nls.resources_31bf3856ad364e35_10.0.19041.1_en-us_92f5de385d9dc263\winnlsres.dll.mui Handle ID: 0x804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4a82d26159d7480\webservices.dll.mui Handle ID: 0x86c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_10.0.19041.1_en-us_0f9ad41d78392a6f\shell32.dll.mui Handle ID: 0x1550 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..libraries.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9d5d1b37e0ee7d0\ulib.dll.mui Handle ID: 0x878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c23b7b252bca10\SxsMigPlugin.dll.mui Handle ID: 0x88c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernel32.resources_31bf3856ad364e35_10.0.19041.1_en-us_f30bd101c4a20012\kernel32.dll.mui Handle ID: 0x1494 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_2e0dc83355e5b510\KernelBase.dll.mui Handle ID: 0x870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\mispace_uninstall.mfl Handle ID: 0x14a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\mispace.mfl Handle ID: 0x12a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi_passthru_uninstall.mfl Handle ID: 0x16a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\ncprov.mfl Handle ID: 0x1498 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rver-apis.resources_31bf3856ad364e35_10.0.19041.1_en-us_1540b052425beb5b\smbwmiv2.mfl Handle ID: 0x14c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\ScrCons.mfl Handle ID: 0x14ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\subscrpt.mfl Handle ID: 0x1144 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\smtpcons.mfl Handle ID: 0x7bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\wmi.mfl Handle ID: 0x17cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\secrcw32.mfl Handle ID: 0x14a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\WbemCons.mfl Handle ID: 0xb10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\interop.mfl Handle ID: 0x16ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\wmipcima.mfl Handle ID: 0xab8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\system.mfl Handle ID: 0x10a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..owershell.resources_31bf3856ad364e35_10.0.19041.1_en-us_84bc5f488e890c95\SmbLocalization.psd1 Handle ID: 0xae0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\cimwin32.mfl Handle ID: 0x19b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_0f8924c0debe64e4.cdf-ms Handle ID: 0xdb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_en-us_da440b72296cc45e.cdf-ms Handle ID: 0x1934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_resources_en-us_3393f588464e4d11.cdf-ms Handle ID: 0x143c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms Handle ID: 0x808 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms Handle ID: 0x13ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_help_mui_0409_c7942094fabea651.cdf-ms Handle ID: 0x1700 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_en-us_0ef70046e1d1b811.cdf-ms Handle ID: 0x1698 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Handle ID: 0x860 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_lsm_0409_b44cb59d03cf68aa.cdf-ms Handle ID: 0x1630 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_lsm_b45be09c559d6e1d.cdf-ms Handle ID: 0xbdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_remoteaccess_0409_86bc979ae65d5e96.cdf-ms Handle ID: 0xd7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_remoteaccess_110554180baafc8b.cdf-ms Handle ID: 0x1624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms Handle ID: 0x101c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms Handle ID: 0x13f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms Handle ID: 0x144c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_themes_aero_en-us_ab16867f204414fa.cdf-ms Handle ID: 0x146c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_0409_06652563df2ff0c1.cdf-ms Handle ID: 0x1454 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms Handle ID: 0x11e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_boot_en-us_bd4746182a790f00.cdf-ms Handle ID: 0x15ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_dd4fddd4aaa5e8ac.cdf-ms Handle ID: 0x128c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_en-us_30b82d6497b06504.cdf-ms Handle ID: 0x1460 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_dism_en-us_064f3ab06d0848d3.cdf-ms Handle ID: 0x1440 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms Handle ID: 0x774 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_en-us_b8ba9f5b7f1c3933.cdf-ms Handle ID: 0xc5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_migration_en-us_815d10948a0810a2.cdf-ms Handle ID: 0x17e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_mui_0409_ecc96e0e9498d62e.cdf-ms Handle ID: 0x17c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_oobe_en-us_e44fe14df02b3595.cdf-ms Handle ID: 0xe88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_setup_5d3758a05cf4a445.cdf-ms Handle ID: 0x18c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_setup_en-us_afa35959583f5dbd.cdf-ms Handle ID: 0x8e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sysprep_en-us_ed807a30a752749a.cdf-ms Handle ID: 0x1510 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_en-us_afb84194eaac32a1.cdf-ms Handle ID: 0x17c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_b160c489ca4b107d.cdf-ms Handle ID: 0xa28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_dism_en-us_c5f337028c1b1b59.cdf-ms Handle ID: 0x14e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_dism_1bf2381fbb30eb13.cdf-ms Handle ID: 0x14a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_triedit_en-us_59ae2daa07429081.cdf-ms Handle ID: 0xf00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_system_ado_en-us_9c12689ac1360dc2.cdf-ms Handle ID: 0x898 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_system_msadc_en-us_58bb034fa66b57cc.cdf-ms Handle ID: 0x1368 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_system_ole_db_en-us_5ff73071fce05070.cdf-ms Handle ID: 0x17f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nputpanel-languages_31bf3856ad364e35_10.0.19041.1_none_755485689bff7973\tipresx.dll Handle ID: 0x17ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_10.0.19041.1_en-us_b30606e73c3e9798\TabTip.exe.mui Handle ID: 0xf2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..tkeyboard.resources_31bf3856ad364e35_10.0.19041.1_en-us_9e1a6f1ae580eb2b\tabskb.dll.mui Handle ID: 0xb38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\auxpad.xml Handle ID: 0x1610 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\insert.xml Handle ID: 0x940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_c7530040e79a9aee\TipTsf.dll.mui Handle ID: 0x1354 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\keypad.xml Handle ID: 0xef0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskclearui.xml Handle ID: 0xdf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskmenu.xml Handle ID: 0x724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknav.xml Handle ID: 0x1874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknumpad.xml Handle ID: 0xe78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_en-us_68ce1881981b1956\tipresx.dll.mui Handle ID: 0x720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskpred.xml Handle ID: 0x11e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\symbols.xml Handle ID: 0x15bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\auxbase.xml Handle ID: 0x924 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\keypadbase.xml Handle ID: 0xf24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\insertbase.xml Handle ID: 0x1234 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ea.xml Handle ID: 0x668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\kor-kor.xml Handle ID: 0x840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\baseAltGr_rtl.xml Handle ID: 0xaf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base.xml Handle ID: 0xaec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_heb.xml Handle ID: 0xb08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_altgr.xml Handle ID: 0xd84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_jpn.xml Handle ID: 0x118c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_kor.xml Handle ID: 0x136c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_ca.xml Handle ID: 0xe0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_rtl.xml Handle ID: 0x934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_10.0.19041.1_en-us_b30606e73c3e9798\TipRes.dll.mui Handle ID: 0x624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskclearuibase.xml Handle ID: 0xdb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskmenubase.xml Handle ID: 0x95c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknavbase.xml Handle ID: 0x1818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknumpadbase.xml Handle ID: 0x7b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskpredbase.xml Handle ID: 0x1364 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ea-sym.xml Handle ID: 0xcb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\zh-changjei.xml Handle ID: 0x18cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ja-jp-sym.xml Handle ID: 0x1878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\zh-dayi.xml Handle ID: 0xf90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\main.xml Handle ID: 0x6a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\zh-phonetic.xml Handle ID: 0xd54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ko-kr.xml Handle ID: 0x990 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ja-jp.xml Handle ID: 0xab0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\symbase.xml Handle ID: 0xd20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_3657e07d684f0581\RecEnv.exe.mui Handle ID: 0xfa8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_3657e07d684f0581\StartRep.exe.mui Handle ID: 0x8f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.1_none_7e470436241a018f\hh.exe Handle ID: 0xaa0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_10.0.19041.1_none_8b38a4d923e0a37e\BCD Handle ID: 0xd58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-dvd-pcat_31bf3856ad364e35_10.0.19041.1_none_5008dee6cfdc303c\BCD Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..d-bootfix.resources_31bf3856ad364e35_10.0.19041.1_en-us_4ff5f1d54e8346ca\bootfix.bin Handle ID: 0xa7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..onment-dvd-etfsboot_31bf3856ad364e35_10.0.19041.1_none_dc4e5ab15169832e\etfsboot.com Handle ID: 0x794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_c780234a16dfd399\TabTip.exe Handle ID: 0x198c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.19041.1_none_7feeab380f6fb6aa\RecEnv.exe Handle ID: 0x84c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_10.0.19041.1_none_d29e3857b870499d\tiptsf.dll Handle ID: 0xda4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_c780234a16dfd399\TipRes.dll Handle ID: 0xa64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.19041.1_none_7feeab380f6fb6aa\StartRep.exe Handle ID: 0x9f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_c780234a16dfd399\tipskins.dll Handle ID: 0x80c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-dvd-pcat_31bf3856ad364e35_10.0.19041.1_none_5008dee6cfdc303c\boot.sdi Handle ID: 0x97c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_10.0.19041.1_none_8b38a4d923e0a37e\boot.sdi Handle ID: 0xf64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_10.0.19041.1_en-us_6b3f542b20656524\hh.exe.mui Handle ID: 0x978 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_10.0.19041.1_none_1891f4ff823a4461\efisys_noprompt.bin Handle ID: 0x178c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_10.0.19041.1_none_1891f4ff823a4461\efisys.bin Handle ID: 0x1944 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b018d9a63164212\sapisvr.exe.mui Handle ID: 0xc14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-speechcommonnoia64_31bf3856ad364e35_10.0.19041.1_none_b89a948362edb3e7\sapisvr.exe Handle ID: 0x1570 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\M1033ZIR.INI Handle ID: 0x13dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\M1033ZIR.Keyboard.NUS Handle ID: 0x1368 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8591bd54bdb2be6f\AtBroker.exe Handle ID: 0xc50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\audioresourceregistrar.dll Handle ID: 0x1654 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmcss_31bf3856ad364e35_10.0.19041.1_none_0d89446c82e7b332\avrt.dll Handle ID: 0x1124 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-engine-proxy-main_31bf3856ad364e35_10.0.19041.1_none_5a93d463d29ea477\blbres.dll Handle ID: 0x145c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_10.0.19041.1_none_f1a66ceadc1ac5a7\bdeui.dll Handle ID: 0x638 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_10.0.19041.1_none_87e54edbaf62ca00\bderepair.dll Handle ID: 0x17e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ondata-wmi-provider_31bf3856ad364e35_10.0.19041.1_none_6658ea421c6ab115\bcdprov.dll Handle ID: 0x1934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-engine-proxy-main_31bf3856ad364e35_10.0.19041.1_none_5a93d463d29ea477\blb_ps.dll Handle ID: 0x7c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcp47languages_31bf3856ad364e35_10.0.19041.1_none_505b5b44763139f0\BCP47mrm.dll Handle ID: 0x17ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..iocorepolicymanager_31bf3856ad364e35_10.0.19041.1_none_fe4e5b7cbac78006\AudioSrvPolicyManager.dll Handle ID: 0x152c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\AUDIOKSE.dll Handle ID: 0x17dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcp47languages_31bf3856ad364e35_10.0.19041.1_none_505b5b44763139f0\BCP47Langs.dll Handle ID: 0x7d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\audiodg.exe Handle ID: 0x1384 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-cloudrec_31bf3856ad364e35_10.0.19041.1_none_fce31da777d54f96\CloudRecApi.dll Handle ID: 0x7f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootmenuux_31bf3856ad364e35_10.0.19041.1_none_aad2a22bb4bb6bb7\BootMenuUX.dll Handle ID: 0x8d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakrathunk.dll Handle ID: 0x1610 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.19041.1_none_7feeab380f6fb6aa\BootRec.exe Handle ID: 0x1280 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakradiag.dll Handle ID: 0x1730 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-disasterrecoveryui_31bf3856ad364e35_10.0.19041.1_none_ef4afdf204e52ca3\bmrui.exe Handle ID: 0x1110 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-cloudrec_31bf3856ad364e35_10.0.19041.1_none_fce31da777d54f96\CloudRecSvc.exe Handle ID: 0x7e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\AudioEndpointBuilder.dll Handle ID: 0xc5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..diopolicymanagerext_31bf3856ad364e35_10.0.19041.1_none_4c67ee16a4c91364\coreaudiopolicymanagerext.dll Handle ID: 0x724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\tabskb.dll Handle ID: 0x940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.1_none_15ad78a57833209d\CompPkgSup.dll Handle ID: 0xf00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.1_none_15ad78a57833209d\CompPkgSrv.exe Handle ID: 0xdf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\cscript.exe Handle ID: 0x14a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\CoreMas.dll Handle ID: 0x1440 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.1_none_740ee67443167eb4\DetailedReading-Default.xml Handle ID: 0x15a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\dispex.dll Handle ID: 0xef0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore-client_31bf3856ad364e35_10.0.19041.1_none_7fa0f248f62ae8e5\AudioSes.dll Handle ID: 0xb38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\AudioEng.dll Handle ID: 0x778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dskquota_31bf3856ad364e35_10.0.19041.1_none_34047f8253bab333\dskquota.dll Handle ID: 0x634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\audiosrv.dll Handle ID: 0x19b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..tartup-fverecoverux_31bf3856ad364e35_10.0.19041.1_none_0520717b3afe6966\fverecoverux.dll Handle ID: 0x1414 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.1_none_7e470436241a018f\hhsetup.dll Handle ID: 0x11e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hbaapi_31bf3856ad364e35_10.0.19041.1_none_ff04ba67127d59fe\hbaapi.dll Handle ID: 0x720 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-framedyn-dll_31bf3856ad364e35_10.0.19041.1_none_e2db8e255af62a10\framedyn.dll Handle ID: 0xe78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\imaadp32.acm Handle ID: 0x924 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_10.0.19041.1_none_f1a66ceadc1ac5a7\fveui.dll Handle ID: 0x15bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\framedynos.dll Handle ID: 0x13f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\M1033ZIR.APM Handle ID: 0x1868 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.1_none_7e470436241a018f\hhctrl.ocx Handle ID: 0xa60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..w-kernelsupportuser_31bf3856ad364e35_10.0.19041.1_none_1b632b5bb5339e8b\ksuser.dll Handle ID: 0x1234 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-u..latform-facilitator_31bf3856ad364e35_10.0.19041.1_none_48593f2800494004\Facilitator.dll Handle ID: 0xf24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ux-winre.deployment_31bf3856ad364e35_10.0.19041.1_none_1c71373ee04f3e91\bootux.dll Handle ID: 0xc8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\MdSched.exe Handle ID: 0x1a0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-tool-exe_31bf3856ad364e35_10.0.19041.1_none_b00bcb3b56b3d8e3\manage-bde.exe Handle ID: 0x7a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winomi-mibincodec-dll_31bf3856ad364e35_10.0.19041.1_none_fe8b95190d24914f\mibincodec.dll Handle ID: 0xaec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-mi-dll_31bf3856ad364e35_10.0.19041.1_none_40324f0aaf4bb80e\mi.dll Handle ID: 0x14a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\msadp32.acm Handle ID: 0x1874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directshow-dmo_31bf3856ad364e35_10.0.19041.1_none_d0874ed19e069aca\msdmo.dll Handle ID: 0x1354 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript_31bf3856ad364e35_11.0.19041.1_none_6cc270f3015bbb5f\jscript.dll Handle ID: 0xee4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winomi-mimofcodec-dll_31bf3856ad364e35_10.0.19041.1_none_fb771fecc6c2f05c\mimofcodec.dll Handle ID: 0x13b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.0.19041.1_none_2e0c150bc7e8db08\jscript9diag.dll Handle ID: 0x16a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.19041.1_none_96d696a28066f556\msacm32.dll Handle ID: 0x7bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\msg711.acm Handle ID: 0x10e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\msgsm32.acm Handle ID: 0xb08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-miutils-dll_31bf3856ad364e35_10.0.19041.1_none_2135df93bd1c37f3\miutils.dll Handle ID: 0x136c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1_none_5f5d6355fa237622\NarratorControlTemplates.xml Handle ID: 0x908 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\ncobjapi.dll Handle ID: 0x1174 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi_31bf3856ad364e35_10.0.19041.1_none_0af5511b58bf6105\MMDevAPI.dll Handle ID: 0xeec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netman_31bf3856ad364e35_10.0.19041.1_none_c5ae2919f12d59ae\netman.dll Handle ID: 0xac4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.1_none_740ee67443167eb4\Narrator.exe Handle ID: 0x1850 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..scoveryprovider-dll_31bf3856ad364e35_10.0.19041.1_none_299ab6bfeef8f0b6\psmodulediscoveryprovider.mof Handle ID: 0xdb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..scoveryprovider-dll_31bf3856ad364e35_10.0.19041.1_none_299ab6bfeef8f0b6\PSModuleDiscoveryProvider.dll Handle ID: 0x7ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-prvdmofcomp-dll_31bf3856ad364e35_10.0.19041.1_none_8db513659285c3e1\prvdmofcomp.dll Handle ID: 0x169c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ter-cimprovider-exe_31bf3856ad364e35_10.0.19041.1_none_193aab8d8b539746\Register-CimProvider.exe Handle ID: 0x6d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetEngInterfaces.exe Handle ID: 0x12bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetEngine.exe Handle ID: 0xa30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_10.0.19041.1_none_87e54edbaf62ca00\repair-bde.exe Handle ID: 0x804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\remoteaudioendpoint.dll Handle ID: 0x790 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.19041.1_none_3a6d07f552fecc2c\recdisc.exe Handle ID: 0x86c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetPluginHost.exe Handle ID: 0x1498 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\resetengmig.dll Handle ID: 0xd88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_10.0.19041.1_none_70bdab680f410083\ReInfo.dll Handle ID: 0x1998 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-provider-common_31bf3856ad364e35_10.0.19041.1_none_5e30d23f787e0374\provthrd.dll Handle ID: 0x934 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rtworkq_31bf3856ad364e35_10.0.19041.1_none_a3df82b8c8699995\RTWorkQ.dll Handle ID: 0x19e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.1_none_fcd0dd6b529c84a4\rstrui.exe Handle ID: 0x19bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\scrobj.dll Handle ID: 0xcb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\scrrun.dll Handle ID: 0x1364 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.1_none_fcd0dd6b529c84a4\srclient.dll Handle ID: 0x7b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.621_none_1a2c025ddd3a89c7\srms62.dat Handle ID: 0x1818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\SpatialAudioLicenseSrv.exe Handle ID: 0x19f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.621_none_1a2c025ddd3a89c7\srms.dat Handle ID: 0x878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-srhelper_31bf3856ad364e35_10.0.19041.1_none_64d5657ff9db1846\srhelper.dll Handle ID: 0x95c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmibdll_31bf3856ad364e35_10.0.19041.1_none_0c1cf805b0009dfb\tcpmib.dll Handle ID: 0x624 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1_none_5f5d6355fa237622\tier2punctuations.dll Handle ID: 0xe0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-coreprovisioning_31bf3856ad364e35_10.0.19041.1_none_ed55affe15aaa25d\TpmCertResources.dll Handle ID: 0x1550 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main_31bf3856ad364e35_10.0.19041.1_none_9a3804454c3a5688\sxproxy.dll Handle ID: 0x1a10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main_31bf3856ad364e35_10.0.19041.1_none_9a3804454c3a5688\spp.dll Handle ID: 0x118c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-tbs_31bf3856ad364e35_10.0.19041.1_none_a4a8e27917b1d4a2\tbs.dll Handle ID: 0xd84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.1_none_fcd0dd6b529c84a4\srcore.dll Handle ID: 0x18ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\sysreset.exe Handle ID: 0xaf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_10.0.19041.1_none_70bdab680f410083\ReAgent.dll Handle ID: 0xc40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..mage-capture-wizard_31bf3856ad364e35_10.0.19041.1_none_1ec3161d843d5b3a\wdscapture.inf Handle ID: 0x990 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\reseteng.dll Handle ID: 0xd54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ient-server-library_31bf3856ad364e35_10.0.19041.1_none_bc61472ad685eded\wdscsl.dll Handle ID: 0x119c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ervices-diagnostics_31bf3856ad364e35_10.0.19041.1_none_f02917edd6b0bfcc\WdsDiag.dll Handle ID: 0x1230 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_10.0.19041.1_none_003f59aa850fa682\wdmaud.drv Handle ID: 0x8b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main_31bf3856ad364e35_10.0.19041.1_none_0145eaa42e633edc\wbadmin.exe Handle ID: 0x19e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_11.0.19041.1_none_323c8bab381e679b\vbscript.dll Handle ID: 0x19e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ent-services-client_31bf3856ad364e35_10.0.19041.1_none_664cd6788b0cef8f\wdsclient.exe Handle ID: 0x19d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_10.0.19041.1_none_b96c3b80c28ff316\wbemcomn.dll Handle ID: 0x87c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingui_31bf3856ad364e35_10.0.19041.1_none_84563820a174d447\werui.dll Handle ID: 0x13f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..mage-capture-wizard_31bf3856ad364e35_10.0.19041.1_none_1ec3161d843d5b3a\wdscapture.exe Handle ID: 0x140c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-coreprovisioning_31bf3856ad364e35_10.0.19041.1_none_ed55affe15aaa25d\TpmCoreProvisioning.dll Handle ID: 0x8f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..es-transport-client_31bf3856ad364e35_10.0.19041.1_none_c71ec3231539568b\wdstptc.dll Handle ID: 0x1434 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-oc-srt-background_31bf3856ad364e35_10.0.19041.1_none_9eecd591ca795bd6\winre.jpg Handle ID: 0x1494 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-devices-midi_31bf3856ad364e35_10.0.19041.1_none_a0cb30e63b04963c\Windows.Devices.Midi.dll Handle ID: 0x1864 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-media-devices_31bf3856ad364e35_10.0.19041.1_none_3158669b7ec140d9\Windows.Media.Devices.dll Handle ID: 0x1620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..vices-image-library_31bf3856ad364e35_10.0.19041.1_none_34496984ddfad865\WdsImage.dll Handle ID: 0x794 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\MSTTSLocEnUS.dat Handle ID: 0xfa8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-xaudio2_8_31bf3856ad364e35_10.0.19041.1_none_fc734b41dc885462\XAudio2_8.dll Handle ID: 0x14b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\wshcon.dll Handle ID: 0x6a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools_31bf3856ad364e35_10.0.19041.1_none_8dec776522fcecde\WmiMgmt.msc Handle ID: 0xa70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd6813e5c3d1c883\WmiMgmt.msc Handle ID: 0x1628 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-wmidcom-dll_31bf3856ad364e35_10.0.19041.1_none_f19aad0842d9271a\wmidcom.dll Handle ID: 0xd20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\wshom.ocx Handle ID: 0xda4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\wscript.exe Handle ID: 0xa7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..adapter-wmitomi-dll_31bf3856ad364e35_10.0.19041.1_none_313d4e2c5675f9d4\wmitomi.dll Handle ID: 0x9f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_10.0.19041.1_none_99d3037b9f1d6f54\wbengine.exe Handle ID: 0x14c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..es-multicast-client_31bf3856ad364e35_10.0.19041.1_none_6c83ecde752dfd52\wdsmcast.exe Handle ID: 0xf90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssservice_31bf3856ad364e35_10.0.19041.1_none_10bddbfab734fa42\VSSVC.exe Handle ID: 0x11d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetEngine.dll Handle ID: 0x13b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d2d_31bf3856ad364e35_10.0.19041.1_none_5d8df447fb4e7fad\d2d1.dll Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-xaudio2_9_31bf3856ad364e35_10.0.19041.1_none_fc744b8bdc876db9\XAudio2_9.dll Handle ID: 0xd58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.0.19041.1_none_2e0c150bc7e8db08\jscript9.dll Handle ID: 0x840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakra.dll Handle ID: 0x668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1_none_5f5d6355fa237622\SRH.dll Handle ID: 0x19f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..storage-classdriver_31bf3856ad364e35_10.0.19041.1_none_13e0a2d70bde69d7\EhStorClass.sys Handle ID: 0x19cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filetracefilter_31bf3856ad364e35_10.0.19041.1_none_b0b561660c7b5f0c\filetrace.sys Handle ID: 0x13ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmcss_31bf3856ad364e35_10.0.19041.1_none_0d89446c82e7b332\mmcss.sys Handle ID: 0x10f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-tbs_31bf3856ad364e35_10.0.19041.1_none_a4a8e27917b1d4a2\tbs.sys Handle ID: 0x1878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ehstortcgdrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9fd4a542f83c4a3\EhStorTcgDrv.sys.mui Handle ID: 0x18cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_audioendpoint.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d71c466ec187ae9b\AudioEndpoint.inf_loc Handle ID: 0x14fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ehstortcgdrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9fd4a542f83c4a3\EhStorTcgDrv.inf_loc Handle ID: 0xae4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hdaudss.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_53a41a6f21f92bbe\hdaudss.inf_loc Handle ID: 0x978 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hdaudio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_979015a3cb75e148\hdaudio.inf_loc Handle ID: 0xf64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_rawsilo.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a313c95fcf95ba21\rawsilo.inf_loc Handle ID: 0x85c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdmaudiocoresystem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4fec1f921fe386e\wdmaudioCoreSystem.inf_loc Handle ID: 0x10c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdma_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5fc5aab9f0e92cb4\wdma_usb.inf_loc Handle ID: 0x1090 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_en-us_da7fa0fdb9bb1da2\audiodg.exe.mui Handle ID: 0xcf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_en-us_da7fa0fdb9bb1da2\AudioEndpointBuilder.dll.mui Handle ID: 0x1990 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_en-us_da7fa0fdb9bb1da2\AudioSrv.dll.mui Handle ID: 0x163c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mmcss.resources_31bf3856ad364e35_10.0.19041.1_en-us_63bb7612d6a0dd5a\avrt.dll.mui Handle ID: 0xe38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_3657e07d684f0581\BootRec.exe.mui Handle ID: 0x10bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..re-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_3a6ceafd04278b58\AudioSes.dll.mui Handle ID: 0x1470 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-cloudrec.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9e41542bbce4eef\CloudRecApi.dll.mui Handle ID: 0x16c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-cloudrec.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9e41542bbce4eef\CloudRecSvc.exe.mui Handle ID: 0xa0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootux-winre.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4345854daf75697\bootux.dll.mui Handle ID: 0x1970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ecoveryui.resources_31bf3856ad364e35_10.0.19041.1_en-us_427c213dea78ff80\bmrui.exe.mui Handle ID: 0x10c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\cscript.exe.mui Handle ID: 0xbe0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_10.0.19041.1_en-us_b6f5c1b7fef92fe4\dskquota.dll.mui Handle ID: 0x6ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..roxy-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_3813956db567ed0e\blbres.dll.mui Handle ID: 0x9cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..p-ui-libs.resources_31bf3856ad364e35_10.0.19041.1_en-us_85d6fd46092ef1b0\fveui.dll.mui Handle ID: 0x998 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..recoverux.resources_31bf3856ad364e35_10.0.19041.1_en-us_d665fd376089f50b\fverecoverux.dll.mui Handle ID: 0x1994 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\imaadp32.acm.mui Handle ID: 0xfbc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_10.0.19041.1_en-us_6b3f542b20656524\hhctrl.ocx.mui Handle ID: 0xbf0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_11.0.19041.1_en-us_3dd913b790a1c668\jscript.dll.mui Handle ID: 0x1288 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-schedule.resources_31bf3856ad364e35_10.0.19041.1_en-us_adc1cc9a65b0c63b\MdSched.exe.mui Handle ID: 0x12a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-mi-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_4c452fec1d11e8e7\mi.dll.mui Handle ID: 0x1148 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.0.19041.1_en-us_cb9db6178247f4cd\jscript9.dll.mui Handle ID: 0x97c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_7dd53bd9a45027d6\MMDevAPI.dll.mui Handle ID: 0xa78 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..codec-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_9dd80637a0a77432\mimofcodec.dll.mui Handle ID: 0xa40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\msadp32.acm.mui Handle ID: 0x12e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_10.0.19041.1_en-us_0f9ff912a35a13a1\msacm32.dll.mui Handle ID: 0x141c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\msg711.acm.mui Handle ID: 0xe20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\msgsm32.acm.mui Handle ID: 0x750 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..codec-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_41caac310a838eed\mibincodec.dll.mui Handle ID: 0x680 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..utils-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_dd46cf5fa0b19af2\miutils.dll.mui Handle ID: 0x1500 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netman-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ce54b4b43888113\netman.dll.mui Handle ID: 0x194c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.19041.1_en-us_7c46b809efcb4d75\Narrator.exe.mui Handle ID: 0x80c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_10.0.19041.1_en-us_4d6906c3ea3817d6\d2d1.dll.mui Handle ID: 0xa64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_1173d42c87f1862f\PSModuleDiscoveryProvider.dll.mui Handle ID: 0x1018 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_1173d42c87f1862f\psmodulediscoveryprovider.mfl Handle ID: 0x18f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset.resources_31bf3856ad364e35_10.0.19041.1_en-us_313cc2058f384fa8\reseteng.dll.mui Handle ID: 0x684 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset.resources_31bf3856ad364e35_10.0.19041.1_en-us_313cc2058f384fa8\ResetEngine.dll.mui Handle ID: 0x1678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recdisc-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_5fe9c9ee90bc2b1f\recdisc.exe.mui Handle ID: 0xa2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..veryagent.resources_31bf3856ad364e35_10.0.19041.1_en-us_681fc03c3c11f922\reagent.dll.mui Handle ID: 0xe9c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.19041.1_en-us_dffdae74561e42e5\register-cimprovider.exe.mui Handle ID: 0xd30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-tool-exe.resources_31bf3856ad364e35_10.0.19041.1_en-us_7322bfaaf0abd306\manage-bde.exe.mui Handle ID: 0xeb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..repairbde.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f00fd67c12e8209\repair-bde.exe.mui Handle ID: 0x1930 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\scrobj.dll.mui Handle ID: 0xa6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rtworkq.resources_31bf3856ad364e35_10.0.19041.1_en-us_eff0eebd4ec240e4\RTWorkQ.dll.mui Handle ID: 0xfb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\scrrun.dll.mui Handle ID: 0xf1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_76a64804f924a92f\spp.dll.mui Handle ID: 0xcf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_76a64804f924a92f\sxproxy.dll.mui Handle ID: 0x970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset.resources_31bf3856ad364e35_10.0.19041.1_en-us_313cc2058f384fa8\sysreset.exe.mui Handle ID: 0x16cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_36603f53db43bcf9\srcore.dll.mui Handle ID: 0x77c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_36603f53db43bcf9\rstrui.exe.mui Handle ID: 0x874 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..visioning.resources_31bf3856ad364e35_10.0.19041.1_en-us_bba74d5eba00c052\TpmCoreProvisioning.dll.mui Handle ID: 0x1568 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-vbscript.resources_31bf3856ad364e35_11.0.19041.1_en-us_f9be72e87a4dc35c\vbscript.dll.mui Handle ID: 0xfe4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..wdm-audio.resources_31bf3856ad364e35_10.0.19041.1_en-us_26a4e6c8a1381605\wdmaud.drv.mui Handle ID: 0x15c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..gine-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_7ff834e4c950a565\wbengine.exe.mui Handle ID: 0x1928 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh.resources_31bf3856ad364e35_10.0.19041.1_en-us_2b99bfb5aa908cbb\SRH.dll.mui Handle ID: 0xca8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..e-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_069c551ec1ae2c48\WdsImage.dll.mui Handle ID: 0xf2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..agnostics.resources_31bf3856ad364e35_10.0.19041.1_en-us_923ee710c31c02b1\WdsDiag.dll.mui Handle ID: 0x6b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..re-wizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_b1a5d3546edc3f59\wdscapture.exe.mui Handle ID: 0x19a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..portingui.resources_31bf3856ad364e35_10.0.19041.1_en-us_451996366353f25c\werui.dll.mui Handle ID: 0x129c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..st-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_995e9d63e52c413d\wdsmcast.exe.mui Handle ID: 0x116c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..es-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0f229404eb71756\wdsclient.exe.mui Handle ID: 0x1130 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_832dcb8b0a4bb42b\VSSVC.exe.mui Handle ID: 0x15e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..itomi-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_11b3ee8a1a12cfe1\wmitomi.dll.mui Handle ID: 0xfd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\wshom.ocx.mui Handle ID: 0x159c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..xaudio2_9.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd3b95c8c976f5b4\XAudio2_9.dll.mui Handle ID: 0x1374 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\wscript.exe.mui Handle ID: 0x1898 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_aab573223036b6bf\wbadmin.exe.mui Handle ID: 0x6ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh.resources_31bf3856ad364e35_10.0.19041.1_en-us_2b99bfb5aa908cbb\tier2punctuations.dll.mui Handle ID: 0xc54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b018d9a63164212\sapi.dll.mui Handle ID: 0xf5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ondata-wmi-provider_31bf3856ad364e35_10.0.19041.1_none_6658ea421c6ab115\bcd.mof Handle ID: 0xf4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\cli.mof Handle ID: 0x1714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filetracefilter_31bf3856ad364e35_10.0.19041.1_none_b0b561660c7b5f0c\filetrace.mof Handle ID: 0x1088 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..lesystemsupport-mof_31bf3856ad364e35_10.0.19041.1_none_4931addf0b74706f\IMAPIv2-FileSystemSupport.mof Handle ID: 0x179c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-legacyshim-mof_31bf3856ad364e35_10.0.19041.1_none_94f00e4647dc0b41\IMAPIv2-LegacyShim.mof Handle ID: 0x188c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base-mof_31bf3856ad364e35_10.0.19041.1_none_0981e25f801b452c\IMAPIv2-Base.mof Handle ID: 0x7b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-kerberos-mof_31bf3856ad364e35_10.0.19041.1_none_9971a16b45127f2a\kerberos.mof Handle ID: 0xcc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\cimdmtf.mof Handle ID: 0x12b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mup-mof_31bf3856ad364e35_10.0.19041.1_none_12741f84c3926f7a\Microsoft-Windows-Remote-FileSystem.mof Handle ID: 0x149c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_10.0.19041.1_none_99a1d18394747435\krnlprov.mof Handle ID: 0xf74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WMIMigrationPlugin.dll Handle ID: 0x1298 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\mofcomp.exe Handle ID: 0x14e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_10.0.19041.1_none_99a1d18394747435\KrnlProv.dll Handle ID: 0x1144 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ntlm-mof_31bf3856ad364e35_10.0.19041.1_none_da48343535c2140a\msv1_0.mof Handle ID: 0x1728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntfs-mof_31bf3856ad364e35_10.0.19041.1_none_4b1a5556e970adc5\ntfs.mof Handle ID: 0x1544 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mofinstaller_31bf3856ad364e35_10.0.19041.1_none_c80e6cbfcb1e33c7\mofinstall.dll Handle ID: 0x166c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-filter_31bf3856ad364e35_10.0.19041.1_none_920fccc5f5774641\PolicMan.mof Handle ID: 0x1108 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\powermeterprovider.mof Handle ID: 0xc18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\NCProv.dll Handle ID: 0xb44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-filter_31bf3856ad364e35_10.0.19041.1_none_920fccc5f5774641\PolicMan.dll Handle ID: 0x1580 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\rawxml.xsl Handle ID: 0x1768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\profileassociationprovider.mof Handle ID: 0xb3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\PowerPolicyProvider.mof Handle ID: 0x13e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\mofd.dll Handle ID: 0x1630 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-schannel-mof_31bf3856ad364e35_10.0.19041.1_none_9badbd6e04b7eaa1\schannel.mof Handle ID: 0xa50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-stdprov-provider_31bf3856ad364e35_10.0.19041.1_none_f47f6ca465ecdc1b\regevent.mof Handle ID: 0x1950 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-base-mof_31bf3856ad364e35_10.0.19041.1_none_a8b542edb18ebdd3\rsop.mof Handle ID: 0x15b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shenzhouttsvoicecommon_31bf3856ad364e35_10.0.19041.1_none_3218a37ae75dcc89\MSTTSLoc.dll Handle ID: 0x938 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-mof_31bf3856ad364e35_10.0.19041.1_none_edcef15a244d146a\tcpip.mof Handle ID: 0x1740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hbaapi_31bf3856ad364e35_10.0.19041.1_none_ff04ba67127d59fe\hbaapi.mof Handle ID: 0xd14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\SMTPCons.dll Handle ID: 0x1598 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\texttable.xsl Handle ID: 0x161c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\scrcons.exe Handle ID: 0xaa0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\textvaluelist.xsl Handle ID: 0x870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\esscli.dll Handle ID: 0x17cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\unsecapp.exe Handle ID: 0x19dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\wbemcons.dll Handle ID: 0x15cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_10.0.19041.1_none_cdc4d38aa94a3684\vds.mof Handle ID: 0xec4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-stdprov-provider_31bf3856ad364e35_10.0.19041.1_none_f47f6ca465ecdc1b\stdprov.dll Handle ID: 0x17d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wbemprox.dll Handle ID: 0x19d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-scripting_31bf3856ad364e35_10.0.19041.1_none_1702461a921abea8\wbemdisp.tlb Handle ID: 0xf44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_10.0.19041.1_none_3432c764d048a596\repdrvfs.dll Handle ID: 0xf68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-digest-mof_31bf3856ad364e35_10.0.19041.1_none_e21d70adf6c4e8a9\wdigest.mof Handle ID: 0x18a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wbemsvc.dll Handle ID: 0x1718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_10.0.19041.1_none_cdc4d38aa94a3684\vdswmi.dll Handle ID: 0xce4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_10.0.19041.1_none_1673635624aca0dd\Win32_EncryptableVolumeUninstall.mof Handle ID: 0x1514 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_10.0.19041.1_none_1673635624aca0dd\win32_encryptablevolume.mof Handle ID: 0xb1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shenzhouttsvoicecommon_31bf3856ad364e35_10.0.19041.1_none_3218a37ae75dcc89\MSTTSEngine.dll Handle ID: 0x130c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit-mof_31bf3856ad364e35_10.0.19041.1_none_90d1e9fce8e70c10\wininit.mof Handle ID: 0x13a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_10.0.19041.1_none_3629d754154563e3\winlogon.mof Handle ID: 0x1438 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_10.0.19041.1_none_257e1be45fa14ced\Win32_Tpm.mof Handle ID: 0x151c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_10.0.19041.1_none_257e1be45fa14ced\Win32_Tpm.dll Handle ID: 0x1640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-scripting_31bf3856ad364e35_10.0.19041.1_none_1702461a921abea8\wbemdisp.dll Handle ID: 0x16a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WmiApRes.dll Handle ID: 0xb40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WinMgmt.exe Handle ID: 0x15c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WinMgmtR.dll Handle ID: 0x1080 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_10.0.19041.1_none_1673635624aca0dd\Win32_EncryptableVolume.dll Handle ID: 0x15a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WmiApRpl.dll Handle ID: 0x15e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools_31bf3856ad364e35_10.0.19041.1_none_8dec776522fcecde\wbemtest.exe Handle ID: 0x6c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WMIADAP.exe Handle ID: 0x16f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_10.0.19041.1_none_b13a60de191a2a63\fastprox.dll Handle ID: 0x1858 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WmiApSrv.exe Handle ID: 0x1724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WMICOOKR.dll Handle ID: 0x12b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_10.0.19041.1_none_7cbc133a15aeab54\wmipdfs.mof Handle ID: 0x1360 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_10.0.19041.1_none_7cbc133a15aeab54\wmipdskq.mof Handle ID: 0x19d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemess-dll_31bf3856ad364e35_10.0.19041.1_none_19c65ca7cefe6dba\wbemess.dll Handle ID: 0x818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\wmipdfs.dll Handle ID: 0x157c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-ping-provider_31bf3856ad364e35_10.0.19041.1_none_01770cc86da5219f\wmipicmp.mof Handle ID: 0x1694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-ping-provider_31bf3856ad364e35_10.0.19041.1_none_01770cc86da5219f\WMIPICMP.dll Handle ID: 0x904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\WmiDcPrv.dll Handle ID: 0x1064 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_10.0.19041.1_none_7cbc133a15aeab54\wmipsess.mof Handle ID: 0x1490 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\wmipdskq.dll Handle ID: 0x12d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\WMIPSESS.dll Handle ID: 0x8e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\xsl-mappings.xml Handle ID: 0x154c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..win32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_599754e5b9029653\cimwin32.dll.mui Handle ID: 0x107c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\wmipcima.dll Handle ID: 0x1444 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\cliegaliases.mfl Handle ID: 0xdac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\csv.xsl Handle ID: 0x9a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..acefilter.resources_31bf3856ad364e35_10.0.19041.1_en-us_6e18d367acc20529\filetrace.mfl Handle ID: 0xb28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-wdm-provider_31bf3856ad364e35_10.0.19041.1_none_3023d989016d37fb\wmiprov.dll Handle ID: 0x1668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.19041.1_none_579ae2e26c347896\WMIC.exe Handle ID: 0x7cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wmiutils.dll Handle ID: 0x744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\hform.xsl Handle ID: 0x1988 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\htable.xsl Handle ID: 0x1600 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_787819b31b8e3264\KrnlProv.dll.mui Handle ID: 0x78c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\cli.mfl Handle ID: 0x728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_787819b31b8e3264\krnlprov.mfl Handle ID: 0x1084 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\mofcomp.exe.mui Handle ID: 0x108c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-speechcommon_31bf3856ad364e35_10.0.19041.1_none_8bf3561a72086bb6\sapi.dll Handle ID: 0x1098 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\mof.xsl Handle ID: 0x1488 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\NCProv.dll.mui Handle ID: 0xba4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_10.0.19041.1_en-us_78a6075453bcd506\PolicMan.mfl Handle ID: 0x1968 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\profileassociationprovider.mfl Handle ID: 0x14b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\mofd.dll.mui Handle ID: 0x8ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\powermeterprovider.mfl Handle ID: 0xce0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\cimdmtf.mfl Handle ID: 0x1824 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..consumers.resources_31bf3856ad364e35_10.0.19041.1_en-us_160b9316be795953\scrcons.exe.mui Handle ID: 0x1030 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\PowerPolicyProvider.mfl Handle ID: 0xc24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_8c7ca8bc3d6c201b\vdswmi.dll.mui Handle ID: 0x15a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e1952baf26cd93f\wininit.mfl Handle ID: 0x98c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mcore-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_8db0eb93c93994af\wbemcore.dll.mui Handle ID: 0xe60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_deabf0d9beac524a\winlogon.mfl Handle ID: 0x10ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4299559dcbb02d80\WinMgmt.exe.mui Handle ID: 0x718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\WmiApRes.dll.mui Handle ID: 0xe70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WMIsvc.dll Handle ID: 0xe1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4299559dcbb02d80\WmiApRpl.dll.mui Handle ID: 0x1670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\WmiApSrv.exe.mui Handle ID: 0x754 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd6813e5c3d1c883\wbemtest.exe.mui Handle ID: 0x1548 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_8c7ca8bc3d6c201b\vds.mfl Handle ID: 0xba8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b12272852ae8ea37\wmipdfs.mfl Handle ID: 0x10ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\WinMgmtR.dll.mui Handle ID: 0x10b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_85666a725c5321a4\regevent.mfl Handle ID: 0xedc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b73a00e4bc93332e\WMIPICMP.dll.mui Handle ID: 0xbd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b12272852ae8ea37\wmipdskq.mfl Handle ID: 0x16e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4299559dcbb02d80\WMIsvc.dll.mui Handle ID: 0x1674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\xml.xsl Handle ID: 0x1634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b12272852ae8ea37\wmipsess.mfl Handle ID: 0x9c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b73a00e4bc93332e\wmipicmp.mfl Handle ID: 0xbb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\wmiutils.dll.mui Handle ID: 0x16d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\WmiPrvSE.exe Handle ID: 0x14e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_b54e33bc60acaeb9\WMIC.exe.mui Handle ID: 0xd40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hbaapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_468f592c03894065\hbaapi.mfl Handle ID: 0x1a08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\cim20.dtd Handle ID: 0x158c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-g..-base-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_569b37de4343f2d2\rsop.mfl Handle ID: 0x1578 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wmi20.dtd Handle ID: 0x1574 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-text-encoding_31bf3856ad364e35_10.0.19041.1_none_6f727490db6e1eb0\wmi2xml.dll Handle ID: 0x165c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakra.dll.mun Handle ID: 0xaf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\WmiPrvSD.dll Handle ID: 0x12d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ovider-cimwin32-dll_31bf3856ad364e35_10.0.19041.1_none_859bfeb4a56d5200\cimwin32.dll Handle ID: 0xfec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_10.0.19041.1_none_97b0c067762f34f0\wbemcore.dll Handle ID: 0x9ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-winomi-mibincodec-dll_31bf3856ad364e35_10.0.19041.1_none_08e03f6b4185534a\mibincodec.dll Handle ID: 0x6c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-winomi-mimofcodec-dll_31bf3856ad364e35_10.0.19041.1_none_05cbca3efb23b257\mimofcodec.dll Handle ID: 0xfa4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\cliegaliases.mof Handle ID: 0x958 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x6b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_40104b85a18bfcb2.cdf-ms Handle ID: 0x7d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_de3c4ceb52549e1c.cdf-ms Handle ID: 0xa04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_en-us_8245c3aed97c0844.cdf-ms Handle ID: 0xe08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_pcat_de3c62295de3e26e.cdf-ms Handle ID: 0xad4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_pcat_en-us_80af7686f451a150.cdf-ms Handle ID: 0x968 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_en-us_40104e69a1d105cc.cdf-ms Handle ID: 0x1034 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_logs_measuredboot_ab1fadc53c86b337.cdf-ms Handle ID: 0x114c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_3b206622a946e834.cdf-ms Handle ID: 0x1050 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_common_76cd6f1aaba6e83b.cdf-ms Handle ID: 0xb5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_common_en-us_11ebcc5f3c902d23.cdf-ms Handle ID: 0xe2c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_engines_8a294d630e90192b.cdf-ms Handle ID: 0xffc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_engines_tts_4e06b8e5aea05fb6.cdf-ms Handle ID: 0xb14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_engines_tts_en-us_5bd3d35b5669eef6.cdf-ms Handle ID: 0x960 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstore_a531a9c6b3dfcf87.cdf-ms Handle ID: 0xce8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Handle ID: 0x1984 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_speech_common_8c297630658eaa3d.cdf-ms Handle ID: 0x1690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_speech_common_en-us_fda4d836608fc881.cdf-ms Handle ID: 0x196c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_speech_engines_tts_181a16025b64685a.cdf-ms Handle ID: 0xeb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_xml_026f0f207227ebbc.cdf-ms Handle ID: 0xde0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x1804 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_pcpksp_windowsaik_cb9775b914a8e5a2.cdf-ms Handle ID: 0xde8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0xd60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_cae2264614449191.cdf-ms Handle ID: 0xe04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_fde55420546edfe6.cdf-ms Handle ID: 0xe18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_administrative_tools_50eba26877c48094.cdf-ms Handle ID: 0xef8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_d672ba09d81e87ff.cdf-ms Handle ID: 0xa48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0x16b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0xa98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms Handle ID: 0x814 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_en-us_8a16130a1a0cde0c.cdf-ms Handle ID: 0xb04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_92b215ec670a7f35.cdf-ms Handle ID: 0xea4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_auxpad_bb15ebb5c2b76782.cdf-ms Handle ID: 0x16e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_insert_bb25e7d5c2685e4a.cdf-ms Handle ID: 0xea8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_keypad_bb29f287c24d4a93.cdf-ms Handle ID: 0x79c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskclearui_efb22b63342a179d.cdf-ms Handle ID: 0xa18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_main_992db4c6307e339e.cdf-ms Handle ID: 0xcd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskmenu_4ada925d6aba5911.cdf-ms Handle ID: 0x16a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_osknav_bb31da33c2376c77.cdf-ms Handle ID: 0x1024 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_osknumpad_ee37ed195958108b.cdf-ms Handle ID: 0x16f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskpred_4ada71c56aba89ef.cdf-ms Handle ID: 0x14c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_symbols_4eaf815d64e8ecbc.cdf-ms Handle ID: 0x186c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_languagemodel_ccceb944834c6c97.cdf-ms Handle ID: 0x830 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0x8cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources.cdf-ms Handle ID: 0x106c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources_en-us_2e88d920877a69ae.cdf-ms Handle ID: 0xaac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources_recovery_fa3a0fbfbc08eda1.cdf-ms Handle ID: 0x18f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users.cdf-ms Handle ID: 0x16bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_73615b64075aa65f.cdf-ms Handle ID: 0x1814 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_33f0d5f51e505ec2.cdf-ms Handle ID: 0xc34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_482f0bdd00d1643d.cdf-ms Handle ID: 0xe24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_b898cfd29d5951f1.cdf-ms Handle ID: 0xe8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_4793cab2f72cc262.cdf-ms Handle ID: 0x12cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_5eb528778fd8d821.cdf-ms Handle ID: 0x160c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_accessibility_1fe25fac404028a8.cdf-ms Handle ID: 0xc94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\diagER.dll Handle ID: 0x11d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\hwexclude.txt Handle ID: 0x6dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\hwcompat.dll Handle ID: 0xfac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\offline.xml Handle ID: 0x820 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\setupplatform.exe Handle ID: 0x72c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ejuvenation-onecore_31bf3856ad364e35_10.0.19041.1_none_9e2b40a4daa9bd87\unattend.dll Handle ID: 0xa70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\upgrade_frmwrk.xml Handle ID: 0x6a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\hwcompat.txt Handle ID: 0xf88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\reagent.dll Handle ID: 0x19f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\wdsutil.dll Handle ID: 0x13b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\unbcl.dll Handle ID: 0x6f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..uvenation.resources_31bf3856ad364e35_10.0.19041.1_en-us_f9d1de7aec7190b4\setupplatform.exe.mui Handle ID: 0xd04 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ejuvenation-onecore_31bf3856ad364e35_10.0.19041.1_none_9e2b40a4daa9bd87\wpx.dll Handle ID: 0xb48 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\setupplatform.dll Handle ID: 0x6d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-dokchampa_31bf3856ad364e35_10.0.19041.1_none_07724f8ba119348c\dokchamp.ttf Handle ID: 0x19cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..pe-estrangeloedessa_31bf3856ad364e35_10.0.19041.1_none_b29fcdf719528101\estre.ttf Handle ID: 0x668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_10.0.19041.1_none_bdb5bbcec322f2e9\daunpenh.ttf Handle ID: 0x840 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-browallia_31bf3856ad364e35_10.0.19041.1_none_81f2722e20f72389\browalia.ttc Handle ID: 0xd58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_10.0.19041.1_none_6e153adbf8560c28\euphemia.ttf Handle ID: 0x95c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_10.0.19041.1_none_c01d2d24b8311281\kartika.ttf Handle ID: 0x10f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_10.0.19041.1_none_31a57ca83b98313a\gautamib.ttf Handle ID: 0x1310 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-gadugibold_31bf3856ad364e35_10.0.19041.1_none_3611087a5197320a\gadugib.ttf Handle ID: 0x620 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_10.0.19041.1_none_c01d2d24b8311281\kartikab.ttf Handle ID: 0x12ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-gadugi_31bf3856ad364e35_10.0.19041.1_none_9a2fcf6fc49d7ad7\gadugi.ttf Handle ID: 0xbb4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kalinga_31bf3856ad364e35_10.0.19041.1_none_bf4a9e141fed34ff\kalingab.ttf Handle ID: 0xbc8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_10.0.19041.1_none_31a57ca83b98313a\gautami.ttf Handle ID: 0x1038 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kalinga_31bf3856ad364e35_10.0.19041.1_none_bf4a9e141fed34ff\kalinga.ttf Handle ID: 0x17b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..uetype-javanesetext_31bf3856ad364e35_10.0.19041.1_none_b3574d6de9cf3152\javatext.ttf Handle ID: 0x94c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_10.0.19041.1_none_2a28dd53b9428be2\LaoUIb.ttf Handle ID: 0x18cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_10.0.19041.1_none_2a28dd53b9428be2\LaoUI.ttf Handle ID: 0x13ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_10.0.19041.1_none_26a2cd7dbb849930\latha.ttf Handle ID: 0x16ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_10.0.19041.1_none_26a2cd7dbb849930\lathab.ttf Handle ID: 0xa5c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_10.0.19041.1_none_be821a687d9acbbd\leelawad.ttf Handle ID: 0x10b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_10.0.19041.1_none_be821a687d9acbbd\leelawdb.ttf Handle ID: 0x1878 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_10.0.19041.1_none_8462a8d0ff9b835c\iskpotab.ttf Handle ID: 0x117c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_10.0.19041.1_none_fef69e3609e0910f\KhmerUIb.ttf Handle ID: 0x9bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_10.0.19041.1_none_28df0bade745dad7\mvboli.ttf Handle ID: 0xfc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_10.0.19041.1_none_6a270ea175c7f96e\mangal.ttf Handle ID: 0xae4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_10.0.19041.1_none_6a270ea175c7f96e\mangalb.ttf Handle ID: 0x14fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-newtailue_31bf3856ad364e35_10.0.19041.1_none_6754931ac9bff51a\ntailu.ttf Handle ID: 0xf64 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..etype-newtailuebold_31bf3856ad364e35_10.0.19041.1_none_5d1126271181e8f5\ntailub.ttf Handle ID: 0x1844 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..e-microsofthimalaya_31bf3856ad364e35_10.0.19041.1_none_be23cd6ddb05a43c\himalaya.ttf Handle ID: 0x674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_10.0.19041.1_none_fef69e3609e0910f\KhmerUI.ttf Handle ID: 0x978 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_10.0.19041.1_none_8462a8d0ff9b835c\iskpota.ttf Handle ID: 0x6b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-plantagenet_31bf3856ad364e35_10.0.19041.1_none_a120896fb792f283\plantc.ttf Handle ID: 0xbfc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_10.0.19041.1_none_28c07ecf98e12f9c\phagspa.ttf Handle ID: 0xa74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_10.0.19041.1_none_fcd05ab568b5f217\raavi.ttf Handle ID: 0x1884 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-phagspabold_31bf3856ad364e35_10.0.19041.1_none_3aea002642688123\phagspab.ttf Handle ID: 0xe58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..type-mongolianbaiti_31bf3856ad364e35_10.0.19041.1_none_b98ed43aa5e7a533\monbaiti.ttf Handle ID: 0x640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_10.0.19041.1_none_fcd05ab568b5f217\raavib.ttf Handle ID: 0x1090 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ype-myanmartextbold_31bf3856ad364e35_10.0.19041.1_none_425c516c686c438d\mmrtextb.ttf Handle ID: 0xd08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-myanmartext_31bf3856ad364e35_10.0.19041.1_none_0ed94ed2eab432b2\mmrtext.ttf Handle ID: 0x164c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-yibaiti_31bf3856ad364e35_10.0.19041.1_none_0e32cdcd59fbc6c5\msyi.ttf Handle ID: 0x9c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_10.0.19041.1_none_846cdc31fb668b8c\ebrima.ttf Handle ID: 0x9f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-ebrimabold_31bf3856ad364e35_10.0.19041.1_none_e73f502bddc74e95\ebrimabd.ttf Handle ID: 0xd94 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-nyala_31bf3856ad364e35_10.0.19041.1_none_6bc876d1a17af749\nyala.ttf Handle ID: 0x9d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-taile_31bf3856ad364e35_10.0.19041.1_none_414fac2f4ef3e4db\taile.ttf Handle ID: 0xdb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-tailebold_31bf3856ad364e35_10.0.19041.1_none_618a29e4c90ae974\taileb.ttf Handle ID: 0xdf4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_10.0.19041.1_none_3eb6c46150b50021\tungab.ttf Handle ID: 0x1764 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_10.0.19041.1_none_8358b3e9f1389949\shrutib.ttf Handle ID: 0x16c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_10.0.19041.1_none_3eb6c46150b50021\tunga.ttf Handle ID: 0xd80 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_10.0.19041.1_none_8358b3e9f1389949\shruti.ttf Handle ID: 0x1970 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_10.0.19041.1_none_2c157aebf8a0f49c\vrindab.ttf Handle ID: 0xa0c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_10.0.19041.1_none_2c157aebf8a0f49c\vrinda.ttf Handle ID: 0x10dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onexschema_31bf3856ad364e35_10.0.19041.1_none_0b333e5de5b48e52\OneX_v1.xsd Handle ID: 0xf90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WFD_LEGACY_profile_v1.xsd Handle ID: 0xc30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_profile_v3.xsd Handle ID: 0x974 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_profile_v2.xsd Handle ID: 0x1838 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WFD_profile_v1.xsd Handle ID: 0x6cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLANAP_profile_v1.xsd Handle ID: 0xf7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_policy_v1.xsd Handle ID: 0x10fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\Rules.System.Wireless.xml Handle ID: 0x9b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\Report.System.Wireless.xml Handle ID: 0xf28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_profile_v1.xsd Handle ID: 0x1068 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\Report.System.Wireless.xml Handle ID: 0xab0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-nirmalaui_31bf3856ad364e35_10.0.19041.1_none_bb8c742f0f537122\NirmalaB.ttf Handle ID: 0x13a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\Rules.System.Wireless.xml Handle ID: 0xc4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-nirmalaui_31bf3856ad364e35_10.0.19041.1_none_bb8c742f0f537122\NirmalaS.ttf Handle ID: 0x15f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\cmi2migxml.dll Handle ID: 0x10f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10_31bf3856ad364e35_10.0.19041.1_none_a5a973226d09843c\d3d10core.dll Handle ID: 0x884 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_10.0.19041.1_none_061a8ae948ef9d75\d3d10_1core.dll Handle ID: 0xcc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_10.0.19041.1_none_783e7a290023bc74\d3d8thk.dll Handle ID: 0x1374 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_10.0.19041.1_none_061a8ae948ef9d75\d3d10_1.dll Handle ID: 0x19a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_10.0.19041.1_none_994f7a363ef01d1c\d3d10level9.dll Handle ID: 0x1898 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\csiagent.dll Handle ID: 0xfd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\dafWCN.dll Handle ID: 0x15e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\delegatorprovider.dll Handle ID: 0xca0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dafwfdprovider_31bf3856ad364e35_10.0.19041.1_none_b058c457605b2980\dafWfdProvider.dll Handle ID: 0x10e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ent-appxpackagingom_31bf3856ad364e35_10.0.19041.1_none_cf9f54279a49afa1\AppxPackaging.dll Handle ID: 0x7f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d11on12_31bf3856ad364e35_10.0.19041.1_none_b1c8a7f2e6d6007f\d3d11on12.dll Handle ID: 0x1144 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..txvideoacceleration_31bf3856ad364e35_10.0.19041.1_none_21c5c011e1907693\dxva2.dll Handle ID: 0x1298 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-directx-dxcore_31bf3856ad364e35_10.0.19041.1_none_69b9ab9a9fe50fec\DXCore.dll Handle ID: 0x139c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10_31bf3856ad364e35_10.0.19041.1_none_a5a973226d09843c\d3d10.dll Handle ID: 0xb34 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fmapi_31bf3856ad364e35_10.0.19041.1_none_08fd237cd396b20c\fmapi.dll Handle ID: 0x17ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\fdWCN.dll Handle ID: 0x774 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-dxgi_31bf3856ad364e35_10.0.19041.1_none_f06f85d6bdea4043\dxgi.dll Handle ID: 0x146c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\iemigplugin.dll Handle ID: 0x1728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d12_31bf3856ad364e35_10.0.19041.1_none_a5a945926d09b77e\D3D12.dll Handle ID: 0x188c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_10.0.19041.1_none_783e7a290023bc74\d3d9.dll Handle ID: 0xf74 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-imagesupport_31bf3856ad364e35_11.0.19041.1_none_27d7512ffd45dfff\imgutil.dll Handle ID: 0x6b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsied.dll Handle ID: 0x1288 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\EdgeManager.dll Handle ID: 0xed4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsium.dll Handle ID: 0x1318 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_10.0.19041.1_none_2fa237edf7ea2ae4\INETRES.dll Handle ID: 0xb44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsicli.exe Handle ID: 0xc18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsidsc.dll Handle ID: 0x144c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsiwmi.dll Handle ID: 0x149c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsiwmiv2.dll Handle ID: 0x1678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsiexe.dll Handle ID: 0x10c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1_none_fc149c68bc8daa04\IndexedDbLegacy.dll Handle ID: 0x14f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\IESettingSync.exe Handle ID: 0xbdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_10.0.19041.1_none_a5a95c5a6d099ddd\d3d11.dll Handle ID: 0x1590 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l2na_31bf3856ad364e35_10.0.19041.1_none_60b4ee44b96a7f24\l2nacp.dll Handle ID: 0xd1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_10.0.19041.1_none_ba9b1bcfb0acbb97\FntCache.dll Handle ID: 0xb50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migres.dll Handle ID: 0xb58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_10.0.19041.1_none_2fa237edf7ea2ae4\inetcomm.dll Handle ID: 0xa50 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migisol.dll Handle ID: 0x1630 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.19041.1_none_433c779d1394f332\mshta.exe Handle ID: 0x1190 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\migapp.xml Handle ID: 0xda8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\mighost.exe Handle ID: 0x9ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.1_none_0cd058fc835bd4ba\mlang.dll Handle ID: 0xacc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migsys.dll Handle ID: 0x66c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-ratings_31bf3856ad364e35_11.0.19041.1_none_b174c6b066f29f19\msrating.dll Handle ID: 0xd90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..cesframework-msimtf_31bf3856ad364e35_10.0.19041.1_none_877691e089f9d7ad\msimtf.dll Handle ID: 0xb54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_11.0.19041.1_none_320b71c34d9c2946\mshtmled.dll Handle ID: 0x1618 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_10.0.19041.1_none_2fa237edf7ea2ae4\msoert2.dll Handle ID: 0x183c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.1_none_0cd058fc835bd4ba\mlang.dat Handle ID: 0x1740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\MXEAgent.dll Handle ID: 0x17c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\osfilter.inf Handle ID: 0x15ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\oscomps.woa.xml Handle ID: 0x15b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_11.0.19041.1_none_d7a8f7851da0d841\pngfilt.dll Handle ID: 0xc98 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\pnppropmig.dll Handle ID: 0x860 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migstore.dll Handle ID: 0x161c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-oleui_31bf3856ad364e35_10.0.19041.1_none_d66507834d1f0011\oledlg.dll Handle ID: 0x1598 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onex_31bf3856ad364e35_10.0.19041.1_none_5bbc2970bcb926cd\onex.dll Handle ID: 0xd14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\oscomps.xml Handle ID: 0x1698 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-d3dcompiler_31bf3856ad364e35_10.0.19041.1_none_9f4327d7bb6def3f\D3DCompiler_47.dll Handle ID: 0x1940 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\ReserveManager.dll Handle ID: 0x1334 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\setupplatform.cfg Handle ID: 0x1950 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFCN.dat Handle ID: 0x166c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFLCID.dat Handle ID: 0x171c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFPAT.inf Handle ID: 0xc88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFPATRS1.inf Handle ID: 0x1750 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFPATW7.inf Handle ID: 0x7dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFPATW8.inf Handle ID: 0x1280 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFPATWB.inf Handle ID: 0x18c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFPATWT.inf Handle ID: 0xfc0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\sflistw8.woa.dat Handle ID: 0x788 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\sflistwb.woa.dat Handle ID: 0x1520 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_passthru.dll Handle ID: 0x12f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\uninstall.xml Handle ID: 0x914 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\uninstall_data.xml Handle ID: 0x950 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\upgradeagent.xml Handle ID: 0x17d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-component-opcom_31bf3856ad364e35_10.0.19041.1_none_59280f5751ee8923\OpcServices.dll Handle ID: 0x1320 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\upgrade_comp.xml Handle ID: 0x14e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFLISTW7.dat Handle ID: 0x1768 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\upgrade_data.xml Handle ID: 0xf44 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\mshtml.tlb Handle ID: 0x19d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\upgWow_bulk.xml Handle ID: 0x15cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgrade_bulk.xml Handle ID: 0x17c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\WcnEapPeerProxy.dll Handle ID: 0x1558 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\WcnEapAuthProxy.dll Handle ID: 0x760 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-netsh-helper_31bf3856ad364e35_10.0.19041.1_none_980b0e2792bde2ab\WcnNetsh.dll Handle ID: 0xb3c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\WcnApi.dll Handle ID: 0x1778 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wfdprov.dll Handle ID: 0x1540 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFLISTW8.dat Handle ID: 0x19b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\WiFiConfigSP.dll Handle ID: 0x137c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-warp10_31bf3856ad364e35_10.0.19041.1_none_a054b167f609e4fc\d3d10warp.dll Handle ID: 0x1150 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ig-registrar-wizard_31bf3856ad364e35_10.0.19041.1_none_f323c5809ebfa506\wcnwiz.dll Handle ID: 0x17cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\sflistwt.woa.dat Handle ID: 0x1514 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\wcncsvc.dll Handle ID: 0x13e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wifidisplay_31bf3856ad364e35_10.0.19041.1_none_a7cc6a3e80623078\WiFiDisplay.dll Handle ID: 0x870 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFLISTWB.dat Handle ID: 0x17a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlanhlp.dll Handle ID: 0xe7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-extension_31bf3856ad364e35_10.0.19041.1_none_afd43cb1c2b70f77\wlanext.exe Handle ID: 0x8b8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-dialog_31bf3856ad364e35_10.0.19041.1_none_c59f82998d027290\wlandlg.dll Handle ID: 0x19dc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-netsh-helper_31bf3856ad364e35_10.0.19041.1_none_ca8ef5b603a219f9\wlancfg.dll Handle ID: 0x16ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlansvcpal.dll Handle ID: 0x151c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\webplatstorageserver.dll Handle ID: 0x13a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlanapi.dll Handle ID: 0x130c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlanmsm.dll Handle ID: 0xce4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanpref_31bf3856ad364e35_10.0.19041.1_none_ef7eafacae5f597a\wlanpref.dll Handle ID: 0x1640 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlansec.dll Handle ID: 0x1718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanconnectionflow_31bf3856ad364e35_10.0.19041.1_none_4025e317072f2c79\WLanConn.dll Handle ID: 0x18a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanui_31bf3856ad364e35_10.0.19041.1_none_227d2dca8c30e04b\wlanui.dll Handle ID: 0xe6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFLISTWT.dat Handle ID: 0x980 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\SFLISTRS1.dat Handle ID: 0xf54 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi.dll Handle ID: 0xf6c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\ieframe.dll Handle ID: 0xf84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgradeagent.dll Handle ID: 0x99c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlansvc.dll Handle ID: 0x18fc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1_none_1585bba662e285b4\vwifibus.sys Handle ID: 0x1910 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1_none_1585bba662e285b4\vwifimp.sys Handle ID: 0x1588 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1_none_1585bba662e285b4\vwififlt.sys Handle ID: 0x15a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nwifi.resources_31bf3856ad364e35_10.0.19041.1_en-us_c8070434a22590cd\nwifi.sys.mui Handle ID: 0xb40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-native-80211_31bf3856ad364e35_10.0.19041.1_none_04f9b6942e500cbb\nwifi.sys Handle ID: 0x8b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netnwifi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f8fe2216006d1a98\netnwifi.inf_loc Handle ID: 0x15e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-native-80211_31bf3856ad364e35_10.0.19041.1_none_04f9b6942e500cbb\WdiWiFi.sys Handle ID: 0xf68 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ckagingom.resources_31bf3856ad364e35_10.0.19041.1_en-us_88a7ebc1de04eda0\AppxPackaging.dll.mui Handle ID: 0x1758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_10.0.19041.1_en-us_86cec2673098cffa\FntCache.dll.mui Handle ID: 0x1504 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migcore.dll Handle ID: 0x16a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_en-us_68a68fbe4b19e7fb\iscsiexe.dll.mui Handle ID: 0x1858 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_en-us_68a68fbe4b19e7fb\iscsidsc.dll.mui Handle ID: 0x12b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_en-us_68a68fbe4b19e7fb\iscsicli.exe.mui Handle ID: 0xa20 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l2na.resources_31bf3856ad364e35_10.0.19041.1_en-us_5c3c1f3e779f0e69\l2nacp.dll.mui Handle ID: 0xdf8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73a0f7eac168b613\inetres.dll.mui Handle ID: 0xdcc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..uvenation.resources_31bf3856ad364e35_10.0.19041.1_en-us_f9d1de7aec7190b4\migres.dll.mui Handle ID: 0xdd8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..plication.resources_31bf3856ad364e35_11.0.19041.1_en-us_3f3ff51619c4352f\mshta.exe.mui Handle ID: 0x102c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..rk-msimtf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9aef241ffe9ee48e\msimtf.dll.mui Handle ID: 0x678 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73a0f7eac168b613\msoert2.dll.mui Handle ID: 0x11ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onex.resources_31bf3856ad364e35_10.0.19041.1_en-us_12b2f524e0d28e4a\onex.dll.mui Handle ID: 0x172c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-oleui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e0077757f5b0f7a\oledlg.dll.mui Handle ID: 0x818 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..registrar.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3eb241433b64a4b\wcncsvc.dll.mui Handle ID: 0x19d4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1_en-us_a38d7bfae8bfcdba\WcnNetsh.dll.mui Handle ID: 0x1724 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wifidisplay.resources_31bf3856ad364e35_10.0.19041.1_en-us_c6fdd4da1ee2267b\WiFiDisplay.dll.mui Handle ID: 0x904 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_a44c126c8514cadc\wcnwiz.dll.mui Handle ID: 0x938 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ng-legacy.resources_31bf3856ad364e35_11.0.19041.1_en-us_d5f8b953ccacd563\mshtml.dll.mui Handle ID: 0x714 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4657f1f1f8ea752\wlanext.exe.mui Handle ID: 0xa10 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-dialog.resources_31bf3856ad364e35_10.0.19041.1_en-us_38e96d2dff6e4eed\wlandlg.dll.mui Handle ID: 0x18bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ctionflow.resources_31bf3856ad364e35_10.0.19041.1_en-us_c91f468d556191ce\WLanConn.dll.mui Handle ID: 0x1418 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\wlanapi.dll.mui Handle ID: 0xa00 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.0.19041.1_en-us_f6caf3e30da48a47\edgehtml.dll.mui Handle ID: 0x15f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanui.resources_31bf3856ad364e35_10.0.19041.1_en-us_dcec1ba181e3ee3a\wlanui.dll.mui Handle ID: 0x1580 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanpref.resources_31bf3856ad364e35_10.0.19041.1_en-us_aabcfb6886cdc9c9\wlanpref.dll.mui Handle ID: 0x154c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\wlansvc.dll.mui Handle ID: 0x8e8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1_en-us_76e27666d9d17a96\wlancfg.dll.mui Handle ID: 0x12d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi.dll.mui Handle ID: 0x1438 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsiwmiv2_uninstall.mof Handle ID: 0x1490 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsirem.mof Handle ID: 0xf14 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsidsc.mof Handle ID: 0x1064 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsiwmiv2.mof Handle ID: 0x16f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\msiscsi.mof Handle ID: 0x107c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsiprf.mof Handle ID: 0x6c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_passthru.mof Handle ID: 0x9a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_passthru_uninstall.mof Handle ID: 0xdac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsihba.mof Handle ID: 0x11bc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_uninstall.mof Handle ID: 0xb4c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\wcncsvc.mof Handle ID: 0x1948 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlan.mof Handle ID: 0x1604 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsiwmiv2_uninstall.mfl Handle ID: 0x1668 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsiprf.mfl Handle ID: 0x900 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi_passthru.mfl Handle ID: 0x1228 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsidsc.mfl Handle ID: 0x1274 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..registrar.resources_31bf3856ad364e35_10.0.19041.1_en-us_d268c9b84909f6f5\wcncsvc.mfl Handle ID: 0x1114 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi_uninstall.mfl Handle ID: 0x648 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi.mof Handle ID: 0x15e4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.0.19041.1_en-us_79a8d08cd7e5bb3a\ieframe.dll.mui Handle ID: 0xa38 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsiwmiv2.mfl Handle ID: 0x64c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSI.psd1 Handle ID: 0xeb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSIConnection.cdxml Handle ID: 0x1958 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSISession.cdxml Handle ID: 0x1084 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSITargetPortal.cdxml Handle ID: 0x764 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSITarget.cdxml Handle ID: 0x1098 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileIntegrity.cdxml Handle ID: 0xa58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\DiskImage.cdxml Handle ID: 0x744 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileServer.cdxml Handle ID: 0x1790 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\InitiatorId.cdxml Handle ID: 0x888 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\OffloadDataTransferSetting.cdxml Handle ID: 0xcc4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\InitiatorPort.cdxml Handle ID: 0xdd4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileStorageTier.cdxml Handle ID: 0x108c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\PhysicalDisk.cdxml Handle ID: 0xf30 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileShare.cdxml Handle ID: 0xe84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\ResiliencySetting.cdxml Handle ID: 0x1488 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Disk.cdxml Handle ID: 0x690 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Storage.psd1 Handle ID: 0x8ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\MaskingSet.cdxml Handle ID: 0x14b0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Partition.cdxml Handle ID: 0xce0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageHealth.cdxml Handle ID: 0x728 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageNode.cdxml Handle ID: 0xa88 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageJob.cdxml Handle ID: 0x7cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageReliabilityCounter.cdxml Handle ID: 0x78c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageEnclosure.cdxml Handle ID: 0x1600 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageProvider.cdxml Handle ID: 0xb28 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageSetting.cdxml Handle ID: 0x1108 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StoragePool.cdxml Handle ID: 0x1444 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageTier.cdxml Handle ID: 0xc24 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\TargetPort.cdxml Handle ID: 0x1968 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\TargetPortal.cdxml Handle ID: 0x13a8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Storage.format.ps1xml Handle ID: 0x8ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.format.ps1xml Handle ID: 0x1460 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.psd1 Handle ID: 0x9c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageSubSystem.cdxml Handle ID: 0x15a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.types.ps1xml Handle ID: 0x101c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\VirtualDisk.cdxml Handle ID: 0xe60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Volume.cdxml Handle ID: 0x11cc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageCmdlets.cdxml Handle ID: 0x718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Storage.types.ps1xml Handle ID: 0x10ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.psm1 Handle ID: 0x1394 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsicli.exe.mun Handle ID: 0x1030 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageScripts.psm1 Handle ID: 0x1824 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi.mfl Handle ID: 0x1670 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_ed626ba695a80f1b\fdWCN.dll Handle ID: 0xe1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1_none_fc149c68bc8daa04\mshtml.dll.mun Handle ID: 0x1548 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\edgehtml.dll.mun Handle ID: 0x18c0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e7635c5d69e7562e\WcnApi.dll Handle ID: 0x1448 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ig-registrar-wizard_31bf3856ad364e35_10.0.19041.1_none_f323c5809ebfa506\wcnwiz.dll.mun Handle ID: 0x1694 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..ig-registrar-wizard_31bf3856ad364e35_10.0.19041.1_none_fd786fd2d3206701\wcnwiz.dll Handle ID: 0x10ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\ieframe.dll.mun Handle ID: 0xba8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_l2schemas_d7bb5637381de58c.cdf-ms Handle ID: 0x17a4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_reports_a2604845b2b380ca.cdf-ms Handle ID: 0x1338 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_reports_en-us_04eb81229a78dfb4.cdf-ms Handle ID: 0x1370 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_rules_0bde462ce96f215e.cdf-ms Handle ID: 0xd7c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_rules_en-us_8cd2a7c250e636a2.cdf-ms Handle ID: 0xafc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Handle ID: 0x1538 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0x808 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0xf08 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstore_en-us_f6b4aaeeda14a371.cdf-ms Handle ID: 0x143c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wcn_06656d8dd047aafe.cdf-ms Handle ID: 0xe70 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wcn_en-us_f42897ed07859b3c.cdf-ms Handle ID: 0x1634 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_iscsi_6a82841e51a4df9f.cdf-ms Handle ID: 0x9c4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_storagebuscache_f8ef06c6464c2279.cdf-ms Handle ID: 0x98c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_en-us_4555b1beb1c13883.cdf-ms Handle ID: 0x1738 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_storage_fcdb4bda9a6da24d.cdf-ms Handle ID: 0x1544 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_systemresources_0307ca33e1cd9708.cdf-ms Handle ID: 0x12b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0x1674 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_en-us_9e576ab077991fe8.cdf-ms Handle ID: 0x16d0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wcn_1bf25cffa7664032.cdf-ms Handle ID: 0xbb0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wcn_en-us_1f7e1a8c7448ffe8.cdf-ms Handle ID: 0x1708 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources_recovery_en-us_38d0190271db68af.cdf-ms Handle ID: 0x14e0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1_none_fc149c68bc8daa04\mshtml.dll Handle ID: 0x650 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\edgehtml.dll Handle ID: 0xf40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.153_none_e74acfe72624a02b\poqexec.exe Handle ID: 0x16ac Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.153_none_8b2c34636dc72ef5\poqexec.exe Handle ID: 0x17b4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\diagER.dll Handle ID: 0xc18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\cmi2migxml.dll Handle ID: 0x6d8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\hwcompat.dll Handle ID: 0xa40 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\migres.dll Handle ID: 0x998 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\migisol.dll Handle ID: 0x15f8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\pnppropmig.dll Handle ID: 0x1068 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.621_none_1a2c025ddd3a89c7\ResetEngInterfaces.exe Handle ID: 0xdb8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.621_none_1a2c025ddd3a89c7\ResetEngine.exe Handle ID: 0xb58 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.621_none_1a2c025ddd3a89c7\ResetPluginHost.exe Handle ID: 0x1630 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.621_none_1a2c025ddd3a89c7\resetengmig.dll Handle ID: 0x9f0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\mighost.exe Handle ID: 0x9c8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\csiagent.dll Handle ID: 0xa60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\MXEAgent.dll Handle ID: 0xd1c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\migsys.dll Handle ID: 0xb18 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\ReserveManager.dll Handle ID: 0x1590 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\poqexec.exe Handle ID: 0xacc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\setupplatform.exe Handle ID: 0x9ec Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\uninstall.xml Handle ID: 0xda8 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\hwcompat.txt Handle ID: 0xc8c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\upgrade_bulk.xml Handle ID: 0x66c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.621_none_1a2c025ddd3a89c7\sysreset.exe Handle ID: 0x1190 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\wdsutil.dll Handle ID: 0x1414 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\reagent.dll Handle ID: 0x183c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\migstore.dll Handle ID: 0xf60 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.621_none_1a2c025ddd3a89c7\reseteng.dll Handle ID: 0x1740 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\unbcl.dll Handle ID: 0xd90 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ux-winre.deployment_31bf3856ad364e35_10.0.19041.505_none_44a3b0219fa17972\bootux.dll Handle ID: 0xbdc Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootux-winre.resources_31bf3856ad364e35_10.0.19041.505_en-us_1c66d1379a499178\bootux.dll.mui Handle ID: 0x1188 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_220320d2c4216035\poqexec.exe Handle ID: 0x1178 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.621_none_1a2c025ddd3a89c7\ResetEngine.dll Handle ID: 0x1224 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\upgradeagent.dll Handle ID: 0xa84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_logs_cbs_10a752bcbbaee88b.cdf-ms Handle ID: 0x1718 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_packages_46c20bc5f833cc43.cdf-ms Handle ID: 0xf84 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sessions_5591aee9e2456a35.cdf-ms Handle ID: 0x1058 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x1910 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sqm_51d9d5f9de5a2fa5.cdf-ms Handle ID: 0x1504 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.19041.1220_887f3fa38d1c67d5.cdf-ms Handle ID: 0x1758 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0x1044 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x103c Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x1028 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x938 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:46 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x15f4 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:47 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\migcore.dll Handle ID: 0x8a0 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2021-10-18 14:07:47 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.899_none_305f5d936fb0b77c\setupplatform.dll Handle ID: 0x1298 Process Information: Process ID: 0x1e00 Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 12544 | 2021-10-18 14:08:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:08:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:08:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:08:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 14:15:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 14:28:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:28:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:44:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:44:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:44:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:44:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:45:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:45:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:45:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:45:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 14:56:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 14:56:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 15:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 15:11:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:11:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:11:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:11:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 15:23:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0xa5c Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 15:23:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1cfc Process Name: C:\Program Files\Git\usr\bin\sh.exe
|
| | Security | Audit Success | 12544 | 2021-10-18 15:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:40:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 15:40:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:40:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 15:40:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:40:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:40:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:45:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:45:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:55:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:55:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:59:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:59:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 15:59:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 15:59:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 15:59:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 15:59:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 15:59:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 15:59:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 16:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 16:04:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:04:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 16:21:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 16:21:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 16:21:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:21:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 16:21:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 16:21:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 16:27:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:27:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 16:29:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:29:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 16:32:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 16:32:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 16:32:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:32:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 16:32:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 16:32:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 16:40:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:40:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 16:40:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:40:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 16:48:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:48:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 16:48:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 16:48:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 16:48:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 16:48:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 16:55:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 16:55:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 17:04:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 17:04:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 17:29:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 17:29:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 17:44:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 17:44:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:02:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 18:02:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 18:02:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:02:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 18:02:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 18:02:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:02:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:02:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:02:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 18:02:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:02:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 18:02:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:14:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:14:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:20:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:20:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:25:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:25:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:28:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:28:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:29:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 18:30:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:30:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:30:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:30:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 18:44:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:44:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 18:51:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 18:55:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 18:55:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:02:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 19:05:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 19:05:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 19:05:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:05:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 19:05:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 19:05:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 19:22:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:22:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 19:22:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:22:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:23:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:28:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 19:29:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:29:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 19:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 19:39:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:39:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:43:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 19:59:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:59:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 19:59:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 20:00:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 20:00:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 20:19:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 20:19:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 20:19:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 20:19:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 20:19:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 20:19:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 20:29:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 20:29:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 20:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 20:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 20:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 20:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 20:35:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 20:35:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 20:35:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 20:35:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 20:35:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 20:35:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 20:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 20:39:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 20:39:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 20:46:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 20:46:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 20:46:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 20:46:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 20:46:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 20:46:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 21:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 21:05:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:05:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 21:14:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:14:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:22:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 21:22:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:22:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 21:28:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:28:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 21:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 21:35:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:35:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 21:42:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:42:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 21:50:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 22:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 22:00:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:00:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 22:22:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:22:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 22:30:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:30:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 22:30:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:30:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 22:35:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 22:35:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-18 22:35:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:35:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 22:35:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-18 22:35:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 22:38:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:38:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 22:40:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:40:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:40:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:40:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-18 22:43:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-18 22:43:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:43:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 22:44:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:44:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-18 22:44:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ec Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-18 22:44:06 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x24915 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2021-10-18 22:44:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-18 22:44:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 22:44:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 22:44:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 22:44:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-18 22:44:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x7ac Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2021-10-18 22:44:07 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:11 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xac New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:11 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xac Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:11 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x25c New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2021-10-19 07:29:11 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:12 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x290 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x25c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x32c New Process Name: ??????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x25c Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x350 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x32c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3a8 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0x11854 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3a8 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x11c61 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18a9d Linked Logon ID: 0x18ac6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18ac6 Linked Logon ID: 0x18a9d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x790 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x261eb Linked Logon ID: 0x265e8 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x790 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x265e8 Linked Logon ID: 0x261eb Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x790 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18a9d Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18ac6 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x261eb Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3a0 New Process Name: ??????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x25c Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3a8 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x32c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3b0 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3a0 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3f0 New Process Name: ????????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3a8 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3fc New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3a8 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x11575
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2021-10-19 07:29:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x6c8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Process Information: Process ID: 3152 Process Creation Time: 2021-10-19T00:29:16.0149292Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\duthien-asus\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Process Information: Process ID: 3152 Process Creation Time: 2021-10-19T00:29:16.0149292Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7724 Process Creation Time: 2021-10-19T00:29:16.7734947Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7724 Process Creation Time: 2021-10-19T00:29:16.7734947Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13826 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1110 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1110 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x120c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-19 07:29:16 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x120c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x220c Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2021-10-19 07:29:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x220c Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2460 Process Creation Time: 2021-10-19T00:29:15.7610237Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\b0f91114c9d74d35ef6a281362144592_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2460 Process Creation Time: 2021-10-19T00:29:15.7610237Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2460 Process Creation Time: 2021-10-19T00:29:15.7610237Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2460 Process Creation Time: 2021-10-19T00:29:15.7610237Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2460 Process Creation Time: 2021-10-19T00:29:15.7610237Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x790 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xd0428 Linked Logon ID: 0xd0470 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x790 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xd0470 Linked Logon ID: 0xd0428 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x790 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xd206e Linked Logon ID: 0xd2116 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xd2116 Linked Logon ID: 0xd206e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xd2116 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xd0470 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xd206e Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0xd0428 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xd0428 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0xd206e Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:30 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7724 Process Creation Time: 2021-10-19T00:29:16.7734947Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: adfac44508e5f59e Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\79fb3cb982d76632ab44dfda06e042a7_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7724 Process Creation Time: 2021-10-19T00:29:16.7734947Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:29:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:30:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:30:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:30:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x3064 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 07:30:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:30:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 07:30:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:30:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 07:30:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:30:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 07:31:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:31:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 07:31:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:31:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:32:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:35:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:35:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:35:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:35:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2b80 Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:35:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:35:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:35:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:38:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:39:28 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:39:28 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:39:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 07:39:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 07:39:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2860 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2860 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2860 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2860 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2860 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2860 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 07:44:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:50:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:50:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:50:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:50:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 07:50:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:50:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 07:56:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 07:56:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:56:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 07:56:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 07:59:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 07:59:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:02:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:02:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:13:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:13:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:13:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:13:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:13:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 08:13:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:15:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:15:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:20:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:20:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:20:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 08:20:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:29:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 08:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 08:29:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:30:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:30:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:30:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:30:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:30:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:30:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:23 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:30:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 08:39:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:39:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:39:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 08:39:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:46:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:46:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:47:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:47:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 08:54:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:54:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:23 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 08:54:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x928 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 08:59:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 08:59:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:00:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 09:02:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:02:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:04:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 09:14:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:14:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 09:15:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 09:15:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:14 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 09:15:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 09:20:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:20:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:26:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:26:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:29:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 09:29:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:29:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 09:29:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:29:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:29:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:30:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 09:30:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:30:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 09:30:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:34:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:34:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:38:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:38:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:40:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:40:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:51:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:51:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 09:59:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 09:59:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:08:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 10:08:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 10:08:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 10:08:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:08:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 10:08:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 10:08:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 10:08:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:14:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:14:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:29:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:29:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:29:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:29:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 10:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 10:32:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:32:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:38:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:38:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:40:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:40:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:40:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 10:40:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 10:40:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:40:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 10:40:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 10:40:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:47:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 10:47:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:47:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 10:47:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 10:58:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 10:58:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:06:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 11:06:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:06:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 11:06:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:06:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:06:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:06:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 11:06:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:06:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 11:06:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:06:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 11:06:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:06:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 11:06:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 11:07:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 11:22:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:22:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:30:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:30:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:44:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:44:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:44:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:44:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:50:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 11:50:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 11:50:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 11:50:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:50:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 11:50:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 11:50:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 11:50:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 11:51:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 11:51:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 11:51:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 11:51:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 12:02:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 12:05:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 12:05:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:05:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 12:05:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:14:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:14:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:20:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:20:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:21:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 12:21:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:21:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 12:21:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:29:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:29:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:32:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 12:32:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:32:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 12:32:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:42:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:42:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:44:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:44:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:46:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:46:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:46:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:46:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:51:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 12:51:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:51:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 12:51:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:56:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 12:56:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 12:56:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:56:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 12:56:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 12:56:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:56:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:56:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 12:56:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 12:56:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:05:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 13:05:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:05:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 13:05:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:14:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:14:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:19:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 13:19:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:19:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 13:19:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:24:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:24:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:24:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 13:24:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:24:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 13:24:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:29:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:29:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:29:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:29:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 13:32:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 13:43:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:43:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 13:59:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 13:59:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 14:14:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 14:14:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 14:24:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 14:24:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 14:24:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 14:24:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 14:24:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 14:24:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 14:29:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 14:29:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 14:29:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 14:29:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 14:44:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 14:44:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 14:44:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 14:44:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 14:45:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 14:45:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 14:56:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 14:56:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 14:59:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 14:59:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 15:01:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 15:01:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:01:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 15:01:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 15:02:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x265e8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 15:03:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 15:03:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:03:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 15:03:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 15:13:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:13:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 15:29:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:29:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 15:29:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:29:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 15:44:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:44:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 15:44:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:44:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 15:48:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:48:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 15:53:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 15:53:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:38 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xac New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:38 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xac Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:38 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x258 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:38 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x28c New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x258 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2021-10-19 16:45:38 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x32c New Process Name: ??????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x258 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x354 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x32c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 101 | 2021-10-19 16:45:41 | | Microsoft-Windows-Eventlog | 1101: Audit events have been dropped by the transport. 0
|
| | Security | Audit Success | 12288 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3ac Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0x11aea Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3ac Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x478 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x12c0d Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x478 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x478 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18f2a Linked Logon ID: 0x18f50 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x478 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18f50 Linked Logon ID: 0x18f2a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x478 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18f2a Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18f50 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3a4 New Process Name: ??????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x258 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3ac New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x32c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3b4 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3a4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3f4 New Process Name: ????????????????-??6??c????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3ac Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x74 New Process Name: ??????????????e??? ????????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3ac Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2021-10-19 16:45:41 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x118f2
|
| | Security | Audit Success | 12292 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x574 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xe7c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xe7c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x10cc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-19 16:45:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x10cc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 16:45:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:45:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 16:46:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:46:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 16:46:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:46:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2021-10-19 16:47:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 16:47:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4448 Process Creation Time: 2021-10-19T09:47:43.2219366Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 16:47:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4448 Process Creation Time: 2021-10-19T09:47:43.2219366Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-19 16:47:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:47:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 16:47:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:47:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:47:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:47:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:47:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:47:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2021-10-19 16:47:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e64 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2021-10-19 16:47:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1e64 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 16:48:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:48:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 16:49:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:49:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:49:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:49:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:55:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:55:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 16:55:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:56:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:56:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 16:56:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 16:56:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:56:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 16:56:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 17:02:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x574 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 17:05:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:05:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 17:05:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:05:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 17:05:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:05:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:05:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:05:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:05:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:05:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:05:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:05:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:05:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12290 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2448 Process Creation Time: 2021-10-19T09:45:41.8468994Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\b0f91114c9d74d35ef6a281362144592_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2448 Process Creation Time: 2021-10-19T09:45:41.8468994Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2448 Process Creation Time: 2021-10-19T09:45:41.8468994Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2448 Process Creation Time: 2021-10-19T09:45:41.8468994Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2448 Process Creation Time: 2021-10-19T09:45:41.8468994Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x798 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x10017e Linked Logon ID: 0x1001b6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x798 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x1001b6 Linked Logon ID: 0x10017e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x798 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x74 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x1005f3 Linked Logon ID: 0x100628 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x74 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x100628 Linked Logon ID: 0x1005f3 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x74 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x100628 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1005f3 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x10017e Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x1005f3 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2021-10-19 17:06:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x6c4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2021-10-19 17:06:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 17:06:41 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Process Information: Process ID: 4768 Process Creation Time: 2021-10-19T10:06:40.9101002Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\duthien-asus\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 17:06:41 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Process Information: Process ID: 4768 Process Creation Time: 2021-10-19T10:06:40.9101002Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4448 Process Creation Time: 2021-10-19T09:47:43.2219366Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: adfac44508e5f59e Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\79fb3cb982d76632ab44dfda06e042a7_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4448 Process Creation Time: 2021-10-19T09:47:43.2219366Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:52 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:06:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:07:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:07:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2b40 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:07:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:07:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:07:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 17:08:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:08:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:16:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x3554 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x3554 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x3554 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x3554 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x3554 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x3554 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:21:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:22:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:22:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 17:30:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:30:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Administrator Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: DefaultAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Guest Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: WDAGUtilityAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x20a4 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 17:33:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 17:45:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 17:45:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 18:04:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 18:04:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 18:04:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 18:04:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:04:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 18:04:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 18:04:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 18:04:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 18:06:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:06:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 18:06:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:06:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:10:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 18:11:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:11:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 18:22:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:22:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:36:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 18:42:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:42:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 18:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:49:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 18:50:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 18:50:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 18:50:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:50:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 18:50:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 18:50:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 18:50:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 18:50:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 18:51:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 19:05:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:05:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:06:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 19:06:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:06:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 19:06:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:06:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:06:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:06:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:06:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:06:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:06:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:07:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:07:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:17:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:17:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:20:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:20:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:21:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:21:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:28:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:28:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:28:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:28:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:36:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:36:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:51:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:51:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 19:56:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:00:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 20:06:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:06:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 20:06:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:06:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:06:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:07:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 20:16:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 20:16:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:16:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 20:29:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:29:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 20:36:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:36:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 20:44:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:44:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 20:51:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:51:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 20:55:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:55:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 20:55:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 20:55:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 20:55:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 20:55:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 21:02:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:02:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 21:06:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:06:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 21:10:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 21:10:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:10:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 21:10:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:10:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 21:14:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 21:21:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:21:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 21:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 21:32:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:32:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 21:45:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:45:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 21:50:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 21:50:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:00:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:00:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:06:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:06:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:12:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 22:14:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:14:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:16:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:21:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:22:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x818 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 12544 | 2021-10-19 22:22:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:22:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:15 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:26:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-19 22:37:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:37:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:37:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:37:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:45:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:45:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:48:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 22:48:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 22:48:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:48:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 22:48:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 22:48:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-19 22:48:42 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 12544 | 2021-10-19 22:53:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-19 22:53:10 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x1001b6 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2021-10-19 22:53:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-19 22:53:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x798 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 22:53:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x798 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 22:53:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x798 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 22:53:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x798 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2021-10-19 22:53:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x798 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2021-10-19 22:53:11 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:30 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xac New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:30 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xac Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:30 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x25c New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2021-10-20 06:46:30 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:31 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x290 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x25c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:32 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x32c New Process Name: ??????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x25c Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:32 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x350 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x32c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3a8 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0x11a58 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3a8 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x11e94 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x188f4 Linked Logon ID: 0x18912 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18912 Linked Logon ID: 0x188f4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x414 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x188f4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x18912 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3a0 New Process Name: ??????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x25c Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3a8 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x32c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3b0 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3a0 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3f0 New Process Name: ????????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3a8 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3fc New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x3a8 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2021-10-20 06:46:33 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x1178d
|
| | Security | Audit Success | 12292 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x77c Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x5071a Linked Logon ID: 0x50b72 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x77c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x50b72 Linked Logon ID: 0x5071a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x77c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x5071a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xe9c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xe9c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1020 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 06:46:34 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1020 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2021-10-20 06:46:35 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2021-10-20 06:46:35 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:46:35 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Process Information: Process ID: 6212 Process Creation Time: 2021-10-19T23:46:35.1317193Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\duthien-asus\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:46:35 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Process Information: Process ID: 6212 Process Creation Time: 2021-10-19T23:46:35.1317193Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:46:35 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7544 Process Creation Time: 2021-10-19T23:46:35.6319149Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:46:35 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7544 Process Creation Time: 2021-10-19T23:46:35.6319149Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2021-10-20 06:46:35 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x6e0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 06:46:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1fc4 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 06:46:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1fc4 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12290 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7544 Process Creation Time: 2021-10-19T23:46:35.6319149Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: adfac44508e5f59e Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\79fb3cb982d76632ab44dfda06e042a7_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7544 Process Creation Time: 2021-10-19T23:46:35.6319149Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: adfac44508e5f59e Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:47 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:47:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:27 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:47:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:47:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:47:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2312 Process Creation Time: 2021-10-19T23:46:33.8683972Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\b0f91114c9d74d35ef6a281362144592_709fd991-06b4-49f4-902c-1a49232b870b Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2312 Process Creation Time: 2021-10-19T23:46:33.8683972Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2312 Process Creation Time: 2021-10-19T23:46:33.8683972Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2312 Process Creation Time: 2021-10-19T23:46:33.8683972Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2312 Process Creation Time: 2021-10-19T23:46:33.8683972Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x77c Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x180e66 Linked Logon ID: 0x180ead Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x77c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x180ead Linked Logon ID: 0x180e66 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x77c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x182fda Linked Logon ID: 0x183086 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x183086 Linked Logon ID: 0x182fda Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x183086 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x180ead Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x182fda Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x180e66 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x180e66 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x182fda Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:44 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:47:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:48:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:48:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:48:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x2508 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 12544 | 2021-10-20 06:48:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:48:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 06:52:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:52:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:52:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 06:52:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:52:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1168 Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 12544 | 2021-10-20 06:52:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:52:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 06:56:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 06:59:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 06:59:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 07:01:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:01:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x27c0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x27c0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x27c0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x27c0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x27c0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x27c0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:01:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:05 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 07:11:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:11:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 07:15:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:15:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 07:22:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:22:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 07:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 07:31:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:31:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 07:41:44 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 12544 | 2021-10-20 07:46:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:46:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 07:46:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 07:46:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:02:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:02:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:02:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 08:02:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:02:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:02:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:07:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:07:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:07:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 08:07:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:14 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:07:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-20 08:16:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:16:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:17:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:13 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 08:38:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1a74 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2021-10-20 08:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:46:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 08:46:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:46:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 08:46:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:47:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:47:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:51:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:51:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 08:51:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 08:51:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 09:00:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 09:00:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 09:12:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 09:12:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 09:12:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 09:12:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 09:12:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 09:12:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:17:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 09:27:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 09:27:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 09:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 09:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 09:47:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 09:55:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 09:55:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 10:00:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 10:00:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 10:11:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 10:11:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 10:11:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 10:11:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 10:11:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 10:11:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 10:29:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 10:29:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 10:30:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 10:30:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 10:39:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 10:39:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 10:39:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 10:39:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 10:39:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 10:39:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 10:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 10:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 10:47:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 10:47:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 11:21:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 11:21:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 11:33:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 11:33:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 11:33:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 11:33:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 11:33:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 11:33:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 11:33:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 11:33:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 11:39:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 11:39:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 11:46:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 11:47:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 11:47:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 12:14:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 12:14:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 12:17:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 12:17:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 12:29:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 12:29:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 12:42:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 12:42:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 12:47:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 12:47:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 13:01:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 13:01:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Administrator Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: DefaultAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: Guest Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Additional Information: Caller Workstation: DESKTOP-31RMJIC Target Account Name: WDAGUtilityAccount Target Account Domain: DESKTOP-31RMJIC
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x1cc0 Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:03:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:16:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 13:16:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 13:16:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 13:17:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:17:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:17:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:17:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 13:18:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 13:18:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 13:29:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 13:29:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 13:34:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 13:44:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 13:44:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 13:44:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 13:44:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 13:44:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 13:44:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 14:01:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 14:01:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 14:10:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 14:32:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 14:32:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 14:32:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 14:32:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 14:32:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 14:32:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 14:46:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 14:46:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:12:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:13:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 15:14:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:14:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 15:21:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 15:21:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:21:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 15:21:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 15:21:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:21:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 15:30:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:30:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 15:30:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:30:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 15:34:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 15:46:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:46:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 15:50:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x367c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2021-10-20 15:51:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 15:51:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:51:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 15:51:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 15:51:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 15:51:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 16:47:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 16:47:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 16:51:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 16:51:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 16:51:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 16:51:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 16:51:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 16:51:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 16:51:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 16:51:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 16:52:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:20:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 17:20:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2312 Process Creation Time: 2021-10-19T23:46:33.8683972Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2312 Process Creation Time: 2021-10-19T23:46:33.8683972Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2312 Process Creation Time: 2021-10-19T23:46:33.8683972Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2312 Process Creation Time: 2021-10-19T23:46:33.8683972Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {4BFE2526-700A-44DF-918E-CFB34204C73A} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x77c Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x105adda Linked Logon ID: 0x105ae21 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x77c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x105ae21 Linked Logon ID: 0x105adda Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x77c Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x105d5f9 Linked Logon ID: 0x105d70f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x105d70f Linked Logon ID: 0x105d5f9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3fc Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: DESKTOP-31RMJIC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x105d70f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x105ae21 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x105d5f9 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x105adda Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x105adda Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: blueskythien2010@live.com Account Domain: MicrosoftAccount Logon ID: 0x105d5f9 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Changed Attributes: SAM Account Name: - Display Name: Thien Pham Quoc Du User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:20:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 17:22:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:29:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 17:29:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 17:41:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:41:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:41:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 17:41:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 17:41:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 17:41:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 17:43:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 17:43:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 17:43:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 17:43:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 18:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 18:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 18:06:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 18:06:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 18:09:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 18:09:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 18:09:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 18:09:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 18:14:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 18:14:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 18:25:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 18:25:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 18:25:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 18:25:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 18:25:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 18:25:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 18:30:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 18:30:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 18:36:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 18:36:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 18:44:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 18:56:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 18:56:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2021-10-20 18:56:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 18:56:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 18:56:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2021-10-20 18:56:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2021-10-20 19:12:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x50b72 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2021-10-20 19:16:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 19:16:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-31RMJIC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x3f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-500 Account Name: Administrator Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-501 Account Name: Guest Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-503 Account Name: DefaultAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13824 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a User: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-579 Group Name: Access Control Assistance Operators Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-583 Group Name: Device Owners Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-578 Group Name: Hyper-V Administrators Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | Security | Audit Success | 13826 | 2021-10-20 19:39:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2686359826-4124161782-3209672449-1001 Account Name: duthien-asus Account Domain: DESKTOP-31RMJIC Logon ID: 0x5071a Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x273c Process Name: C:\Users\duthien-asus\Downloads\aida64extreme650 (1)\aida64.exe
|
| | System | Error | None | 2021-10-17 11:22:09 | | Service Control Manager | 7023: The netprofm service terminated with the following error: %%21
|
| | System | Warning | 212 | 2021-10-17 11:23:00 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_0BDA&PID_0169&MI_00\6&2f0dbcff&0&0000.
|
| | System | Warning | None | 2021-10-17 11:23:16 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
|
| | System | Warning | None | 2021-10-17 11:23:18 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
|
| | System | Warning | None | 2021-10-17 11:23:41 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 11:23:41 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 11:24:10 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
|
| | System | Error | None | 2021-10-17 11:24:11 | | Service Control Manager | 7023: The Function Discovery Resource Publication service terminated with the following error: %%2147952449
|
| | System | Warning | None | 2021-10-17 11:24:11 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
|
| | System | Warning | None | 2021-10-17 18:24:22 | SYSTEM | Microsoft-Windows-Bits-Client | 16385: While canceling job "PreSignInSettingsConfigJSON", BITS was unable to remove some temporary files. To recover disk space, delete the files listed below. The job ID was {96f8c4dd-ed86-40a9-b555-850971fb6313}. C:\Users\ADMINI~1\AppData\Local\Temp\BIT1C77.tmp
|
| | System | Warning | None | 2021-10-17 18:24:26 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:24:51 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | 212 | 2021-10-17 18:25:04 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_0BDA&PID_0169&MI_00\6&2f0dbcff&0&0000.
|
| | System | Warning | None | 2021-10-17 18:25:22 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:25:22 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:25:36 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:25:57 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:25:58 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4003: WLAN AutoConfig detected limited connectivity, attempting automatic recovery. Recovery Type: 4 Error Code: 0x0 Trigger Reason: 1 IP Family: 0
|
| | System | Warning | None | 2021-10-17 18:25:58 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | None | 2021-10-17 18:26:03 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:27:23 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:28:16 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:28:30 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:28:30 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:28:41 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:29:46 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:29:52 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:29:53 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:30:00 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:30:00 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:30:06 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:30:06 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 960 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\services.exe with process id 968 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\lsass.exe with process id 976 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\SecurityHealthService.exe with process id 992 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\RuntimeBroker.exe with process id 1000 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1072 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\SearchProtocolHost.exe with process id 1092 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1120 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1276 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1284 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.441_none_e753a4f1261e4901\TiWorker.exe with process id 1324 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\conhost.exe with process id 1340 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1372 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1388 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\sihost.exe with process id 1404 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1440 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1448 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1456 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1480 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1500 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1540 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1588 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1616 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1632 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1652 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1728 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1848 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1868 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 1916 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\taskhostw.exe with process id 1952 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\WUDFHost.exe with process id 1996 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2020 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2060 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2152 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2160 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2168 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\wlanext.exe with process id 2200 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2276 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2324 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2332 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2352 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2440 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2484 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2568 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2572 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2592 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2596 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2604 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2612 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2624 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\WUDFHost.exe with process id 2792 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2800 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\spoolsv.exe with process id 2820 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2900 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2908 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\SecurityHealthSystray.exe with process id 2920 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Program Files (x86)\Microsoft\Edge\Application\msedge.exe with process id 2948 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2964 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3012 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3024 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3032 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3052 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3168 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3240 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3328 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3356 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3364 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3372 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3392 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3400 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3408 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3416 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Program Files\Windows Defender\MsMpEng.exe with process id 3456 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\drvinst.exe with process id 3480 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\RuntimeBroker.exe with process id 3516 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3540 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3708 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3724 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3844 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 3936 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\servicing\TrustedInstaller.exe with process id 3984 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\SearchProtocolHost.exe with process id 4036 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 4252 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 4472 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\ctfmon.exe with process id 4492 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\backgroundTaskHost.exe with process id 4528 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 4632 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 4656 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 4708 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 4732 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 4764 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 4884 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 4916 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 5112 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\fontdrvhost.exe with process id 5128 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\RuntimeBroker.exe with process id 5260 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\wbem\WmiPrvSE.exe with process id 5580 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 5748 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 5856 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 6000 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\dasHost.exe with process id 6060 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 6076 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 6172 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 6320 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\wbem\WMIADAP.exe with process id 6324 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 6344 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 6492 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\dwm.exe with process id 6588 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\dptf_helper.exe with process id 6612 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\SgrmBroker.exe with process id 6660 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\SearchFilterHost.exe with process id 6672 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Program Files\Windows Defender\NisSrv.exe with process id 6736 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\dllhost.exe with process id 6880 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\SearchIndexer.exe with process id 7008 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\wbem\WmiPrvSE.exe with process id 7032 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\sppsvc.exe with process id 7072 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\backgroundTaskHost.exe with process id 7332 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\csrss.exe with process id 7364 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\explorer.exe with process id 7480 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\smartscreen.exe with process id 7508 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe with process id 7512 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 7576 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\CloudExperienceHostBroker.exe with process id 7652 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Program Files (x86)\Microsoft\Edge\Application\msedge.exe with process id 7716 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 7744 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\winlogon.exe with process id 7752 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 7812 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 7840 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\taskhostw.exe with process id 7888 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Tool\EVKey\EVKey64.exe with process id 7956 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 8028 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 8068 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 8156 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe with process id 8272 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\RuntimeBroker.exe with process id 8364 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\wuauclt.exe with process id 8536 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\RuntimeBroker.exe with process id 8652 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\backgroundTaskHost.exe with process id 8668 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 8868 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe with process id 9628 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\RuntimeBroker.exe with process id 9724 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\RuntimeBroker.exe with process id 9772 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe with process id 9796 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\audiodg.exe with process id 9808 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\RuntimeBroker.exe with process id 9832 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Program Files (x86)\Microsoft\Edge\Application\msedge.exe with process id 9932 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Program Files (x86)\Microsoft\Edge\Application\msedge.exe with process id 10144 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Program Files (x86)\Microsoft\Edge\Application\msedge.exe with process id 10208 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application System with process id 4 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\smss.exe with process id 536 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 568 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\WUDFHost.exe with process id 584 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\csrss.exe with process id 680 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\wininit.exe with process id 752 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | 223 | 2021-10-17 18:30:07 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\fontdrvhost.exe with process id 932 stopped the removal or ejection for the device PCI\VEN_8086&DEV_A398&SUBSYS_12B21043&REV_F0\3&11583659&0&E8.
|
| | System | Warning | None | 2021-10-17 18:30:08 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | None | 2021-10-17 18:30:14 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:30:22 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:30:22 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:30:22 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:30:22 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:30:29 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:30:44 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4003: WLAN AutoConfig detected limited connectivity, attempting automatic recovery. Recovery Type: 4 Error Code: 0x0 Trigger Reason: 1 IP Family: 0
|
| | System | Warning | None | 2021-10-17 18:30:44 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | None | 2021-10-17 18:30:49 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-17 18:30:52 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | 223 | 2021-10-17 18:31:00 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2324 stopped the removal or ejection for the device HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_10432380&REV_1003\4&969ed44&0&0001.
|
| | System | Warning | 223 | 2021-10-17 18:31:00 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\svchost.exe with process id 2484 stopped the removal or ejection for the device HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_10432380&REV_1003\4&969ed44&0&0001.
|
| | System | Warning | 223 | 2021-10-17 18:31:00 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume8\Windows\System32\audiodg.exe with process id 9808 stopped the removal or ejection for the device HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_10432380&REV_1003\4&969ed44&0&0001.
|
| | System | Warning | None | 2021-10-17 18:32:23 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:34:54 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | None | 2021-10-17 18:35:06 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:35:06 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | None | 2021-10-17 18:35:32 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:35:53 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Error | 1 | 2021-10-17 18:35:59 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x80240016: Intel Corporation - Display - 27.20.100.8190.
|
| | System | Warning | None | 2021-10-17 18:36:00 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4003: WLAN AutoConfig detected limited connectivity, attempting automatic recovery. Recovery Type: 4 Error Code: 0x0 Trigger Reason: 1 IP Family: 0
|
| | System | Warning | None | 2021-10-17 18:36:11 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Error | 1 | 2021-10-17 18:36:51 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Extension - 27.20.100.8190.
|
| | System | Warning | None | 2021-10-17 18:38:11 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:39:41 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:40:13 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:40:19 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:43:31 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:47:39 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Warning | 212 | 2021-10-17 18:47:51 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device PCI\VEN_8086&DEV_1903&SUBSYS_12B21043&REV_05\3&11583659&0&20.
|
| | System | Warning | 212 | 2021-10-17 18:47:52 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_0BDA&PID_0169&MI_00\6&2f0dbcff&0&0000.
|
| | System | Warning | None | 2021-10-17 18:47:57 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-17 18:48:38 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4003: WLAN AutoConfig detected limited connectivity, attempting automatic recovery. Recovery Type: 4 Error Code: 0x0 Trigger Reason: 1 IP Family: 0
|
| | System | Error | None | 2021-10-17 18:48:57 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Error | None | 2021-10-17 18:48:57 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Error | None | 2021-10-17 18:48:58 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Warning | None | 2021-10-17 18:48:58 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:48:58 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:48:58 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:48:58 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:49:04 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Error | None | 2021-10-17 18:49:08 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Warning | None | 2021-10-17 18:49:16 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:49:54 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:50:05 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:50:07 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:50:07 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:50:07 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 18:50:20 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4003: WLAN AutoConfig detected limited connectivity, attempting automatic recovery. Recovery Type: 4 Error Code: 0x0 Trigger Reason: 1 IP Family: 0
|
| | System | Error | None | 2021-10-17 18:50:21 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Error | None | 2021-10-17 18:50:21 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Error | None | 2021-10-17 18:50:21 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Warning | None | 2021-10-17 18:50:25 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 18:55:05 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:06:19 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:06:23 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:06:34 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:07:46 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:10:16 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 19:10:17 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-17 19:11:38 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:12:06 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:12:06 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2021-10-17 19:42:36 | | Service Control Manager | 7009: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
|
| | System | Error | None | 2021-10-17 19:42:36 | | Service Control Manager | 7000: The Steam Client Service service failed to start due to the following error: %%1053
|
| | System | Warning | None | 2021-10-17 19:42:36 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:43:17 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:44:20 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:44:24 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 19:44:24 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 212 | 2021-10-17 20:26:11 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device PCI\VEN_8086&DEV_1903&SUBSYS_12B21043&REV_05\3&11583659&0&20.
|
| | System | Warning | 212 | 2021-10-17 20:26:12 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_0BDA&PID_0169&MI_00\6&2f0dbcff&0&0000.
|
| | System | Error | None | 2021-10-17 20:26:15 | | Service Control Manager | 7000: The VMSP service failed to start due to the following error: %%1450
|
| | System | Warning | None | 2021-10-17 20:26:17 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-17 20:26:20 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 20:26:20 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 20:26:20 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 20:26:20 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 20:26:21 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-17 20:26:34 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 20:26:54 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 20:28:17 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 20:28:17 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 20:28:17 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-17 20:31:10 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2021-10-17 21:48:58 | | volsnap | 16: The shadow copies of volume F: were aborted because volume F:, which contains shadow copy storage for this shadow copy, was force dismounted.
|
| | System | Warning | 212 | 2021-10-18 06:29:00 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device PCI\VEN_8086&DEV_1903&SUBSYS_12B21043&REV_05\3&11583659&0&20.
|
| | System | Warning | 212 | 2021-10-18 06:29:01 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_0BDA&PID_0169&MI_00\6&2f0dbcff&0&0000.
|
| | System | Warning | None | 2021-10-18 06:29:04 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:29:04 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:29:04 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:29:04 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:29:06 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-18 06:29:15 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-18 06:29:18 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:29:24 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:31:05 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:31:05 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:31:05 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:33:03 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 06:34:26 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 08:58:15 | | Microsoft-Windows-NDIS | 10400: The network interface "Intel(R) Ethernet Connection (12) I219-V" has begun resetting. There will be a momentary disruption in network connectivity while the hardware resets. Reason: 3. This network interface has reset 1 time(s) since it was last initialized.
|
| | System | Warning | None | 2021-10-18 08:58:27 | | Microsoft-Windows-NDIS | 10400: The network interface "Intel(R) Ethernet Connection (12) I219-V" has begun resetting. There will be a momentary disruption in network connectivity while the hardware resets. Reason: 3. This network interface has reset 2 time(s) since it was last initialized.
|
| | System | Warning | None | 2021-10-18 08:58:35 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-18 08:58:52 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-18 08:59:12 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-18 09:42:05 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 12:18:34 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 12:18:34 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 13:13:49 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 13:23:41 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | 1 | 2021-10-18 14:08:36 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.
|
| | System | Warning | None | 2021-10-18 14:16:03 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 15:55:46 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 16:04:50 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 16:04:56 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 16:05:46 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 16:07:11 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 16:11:23 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 16:13:07 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 16:48:31 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 16:57:54 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 16:58:10 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 18:27:02 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 18:51:46 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 18:51:50 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 18:51:50 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 20:39:40 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 21:22:21 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 21:26:01 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 21:28:52 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 21:35:27 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 21:51:14 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 21:52:48 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 21:53:04 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 21:54:34 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-18 22:40:17 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2021-10-18 22:44:05 | duthien-asus | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Warning | 212 | 2021-10-19 07:29:12 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device PCI\VEN_8086&DEV_1903&SUBSYS_12B21043&REV_05\3&11583659&0&20.
|
| | System | Warning | 212 | 2021-10-19 07:29:14 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_0BDA&PID_0169&MI_00\6&2f0dbcff&0&0000.
|
| | System | Warning | None | 2021-10-19 07:29:16 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 07:29:16 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 07:29:16 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 07:29:16 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 07:29:18 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-19 07:29:27 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-19 07:29:31 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 07:29:32 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 07:29:35 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 07:29:37 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-19 07:29:52 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4003: WLAN AutoConfig detected limited connectivity, attempting automatic recovery. Recovery Type: 4 Error Code: 0x0 Trigger Reason: 1 IP Family: 0
|
| | System | Warning | None | 2021-10-19 07:30:02 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-19 07:31:17 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 07:31:17 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 07:31:17 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 09:51:48 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 09:55:36 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:07:04 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:07:51 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:07:54 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:11:36 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:15:34 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:15:40 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:15:41 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:15:41 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:15:48 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:20:42 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:22:02 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:22:10 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:26:54 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 11:27:57 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 14:47:22 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 212 | 2021-10-19 16:45:38 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device PCI\VEN_8086&DEV_1903&SUBSYS_12B21043&REV_05\3&11583659&0&20.
|
| | System | Warning | 212 | 2021-10-19 16:45:39 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_0BDA&PID_0169&MI_00\6&2f0dbcff&0&0000.
|
| | System | Error | None | 2021-10-19 16:45:41 | | EventLog | 6008: The previous system shutdown at 3:29:15 PM on ?10/?19/?2021 was unexpected.
|
| | System | Error | None | 2021-10-19 16:45:42 | | Service Control Manager | 7000: The Intel® PROSet/Wireless Service service failed to start due to the following error: %%2
|
| | System | Warning | None | 2021-10-19 16:45:44 | | e1dexpress | 27:
|
| | System | Error | None | 2021-10-19 16:46:18 | | Service Control Manager | 7000: The Intel® PROSet/Wireless Service service failed to start due to the following error: %%2
|
| | System | Warning | None | 2021-10-19 16:46:18 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 4003: WLAN AutoConfig detected limited connectivity, attempting automatic recovery. Recovery Type: 4 Error Code: 0x0 Trigger Reason: 1 IP Family: 0
|
| | System | Warning | None | 2021-10-19 16:47:44 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 16:55:45 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Error | None | 2021-10-19 17:06:40 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Warning | None | 2021-10-19 17:06:40 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:06:40 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:06:40 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:06:40 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:06:44 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:06:46 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:06:47 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:06:55 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:06:57 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:07:03 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:11:51 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:11:59 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:12:40 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:12:51 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:13:04 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:32:56 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:41:37 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:41:48 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:53:57 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:54:02 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:54:02 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:54:10 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:54:42 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:58:42 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:58:47 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 17:59:24 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:12:18 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:12:27 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:12:30 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:19:08 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:20:03 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:34:50 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:42:05 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:42:11 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:42:14 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 18:42:14 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 19:05:20 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 19:09:20 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 19:25:27 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:16:48 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:16:55 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:16:58 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:16:58 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:21:54 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:21:58 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:21:58 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:23:40 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:23:48 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 20:44:15 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 21:32:47 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 21:32:54 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 21:50:43 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 21:53:14 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 21:53:16 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 21:53:16 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 22:01:54 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 22:06:00 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-19 22:22:03 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2021-10-19 22:53:10 | duthien-asus | DCOM | 10010: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2021-10-19 22:53:10 | duthien-asus | DCOM | 10010: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2021-10-19 22:53:10 | duthien-asus | DCOM | 10010: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2021-10-19 22:53:10 | duthien-asus | DCOM | 10010: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2021-10-19 22:53:10 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Error | None | 2021-10-19 22:53:12 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Error | None | 2021-10-19 22:53:12 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10003: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Warning | 212 | 2021-10-20 06:46:30 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device PCI\VEN_8086&DEV_1903&SUBSYS_12B21043&REV_05\3&11583659&0&20.
|
| | System | Warning | 212 | 2021-10-20 06:46:32 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_0BDA&PID_0169&MI_00\6&2f0dbcff&0&0000.
|
| | System | Warning | None | 2021-10-20 06:46:35 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 06:46:35 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 06:46:35 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 06:46:35 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 06:46:36 | | e1dexpress | 27:
|
| | System | Warning | None | 2021-10-20 06:46:47 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2021-10-20 06:46:50 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 06:46:51 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 06:47:48 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 06:48:35 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 06:48:35 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 06:48:35 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 09:28:04 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 12:20:22 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 13:17:00 | duthien-asus | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 13:55:35 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 14:08:15 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 14:08:25 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 14:08:39 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 14:15:19 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 15:02:08 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 15:02:12 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 15:02:12 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 15:06:36 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 15:09:59 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 17:46:08 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 17:52:11 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 17:52:34 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 19:26:23 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2021-10-20 19:37:03 | duthien-asus | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-31RMJIC\duthien-asus SID (S-1-5-21-2686359826-4124161782-3209672449-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|